CVE-2023-49786

Опубликовано: 14 дек. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
lunar	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2023-49786

EPSS

Процентиль: 21%

0.00065

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-49786

CVSS3: 7.5

nvd

больше 1 года назад

CVE-2023-49786

CVSS3: 7.5

debian

больше 1 года назад

Asterisk is an open source private branch exchange and telephony toolk ...

BDU:2023-08816

CVSS3: 7.5

fstec

почти 2 года назад

Уязвимость реализации протоколов DTLS (Datagram Transport Layer Security) и SRTP (Secure Real-time Transport Protocol) систем управления IP-телефонией Asterisk и Certified Asterisk, позволяющая нарушителю вызвать отказ в обслуживании

ROS-20240807-03

CVSS3: 7.5

redos

11 месяцев назад

Множественные уязвимости asterisk

EPSS

Процентиль: 21%

0.00065

Низкий

7.5 High

CVSS3

CVE-2023-49786

Описание

Пакет asterisk

Ссылки на источники

Связанные уязвимости