Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-7284

Опубликовано: 22 фев. 2018
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 5
CVSS3: 7.5

Описание

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

РелизСтатусПримечание
artful

ignored

end of life
bionic

ignored

end of standard support, was needed
cosmic

not-affected

1:13.22.0~dfsg-2
devel

not-affected

1:16.2.1~dfsg-1
disco

not-affected

1:16.2.1~dfsg-1
eoan

not-affected

1:16.2.1~dfsg-1
esm-apps/bionic

needed

esm-apps/focal

not-affected

1:16.2.1~dfsg-1
esm-apps/jammy

not-affected

1:16.2.1~dfsg-1
esm-apps/noble

not-affected

1:16.2.1~dfsg-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 98%
0.65243
Средний

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-7284

CVSS3: 7.5
nvd
почти 8 лет назад

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

debian логотип

CVE-2018-7284

CVSS3: 7.5
debian
почти 8 лет назад

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14 ...

github логотип

GHSA-h9x3-h6rr-35ww

CVSS3: 7.5
github
больше 3 лет назад

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

EPSS

Процентиль: 98%
0.65243
Средний

5 Medium

CVSS2

7.5 High

CVSS3