Asterisk Open Source and Certified Asterisk RTP Resource Exhaustion Denial of Service Vulnerability



Asterisk Open Source and Certified Asterisk are prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition.

The following products and versions are vulnerable:

Asterisk 11.0 through 11.23.0
Asterisk 13.0 through 13.11.0
Certified Asterisk 11.6
Certified Asterisk 13.8

Information

Bugtraq ID: 92888
Class: Failure to Handle Exceptional Conditions
CVE:
Remote: Yes
Local: No
Published: Aug 23 2016 12:00AM
Updated: Aug 23 2016 12:00AM
Credit: Etienne Lessard
Vulnerable: Digium Certified Asterisk 13.8
Digium Certified Asterisk 11.6
Digium Asterisk 13.11
Digium Asterisk 13.10
Digium Asterisk 13.2
Digium Asterisk 13.1
Digium Asterisk 13.0.1
Digium Asterisk 11.23
Digium Asterisk 11.12
Digium Asterisk 11.11
Digium Asterisk 11.10.1
Digium Asterisk 11.8.1
Digium Asterisk 11.7
Digium Asterisk 11.1.2
Digium Asterisk 11.0.2
Digium Asterisk 11.9.0
Digium Asterisk 11.8.0 -
Digium Asterisk 11.6.0
Digium Asterisk 11.13.0
Digium Asterisk 11.10.0
Digium Asterisk 11.1.1
Digium Asterisk 11.1.0
Digium Asterisk 11.0.1
Digium Asterisk 11.0.0


Not Vulnerable: Digium Certified Asterisk 13.8-cert3
Digium Certified Asterisk 11.6-cert15
Digium Asterisk 13.11.1
Digium Asterisk 11.23.1



Source: www.securityfocus.com
Related Posts