Back to search
CVE-2014-9374
Published: Dec 12, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://advisories.mageia.org/MGASA-2015-0010.html
x_refsource_CONFIRM
http://downloads.asterisk.org/pub/security/AST-2014-019.html
x_refsource_CONFIRM
MDVSA-2015:018
vendor-advisory
x_refsource_MANDRIVA
20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server
mailing-list
x_refsource_BUGTRAQ
71607
vdb-entry
x_refsource_BID
20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server
mailing-list
x_refsource_FULLDISC
60251
third-party-advisory
x_refsource_SECUNIA
1031345
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now