Back to search
CVE-2014-8414
Published: Nov 24, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://downloads.asterisk.org/pub/security/AST-2014-014.html
x_refsource_CONFIRM
20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now