QwikSec

Security Database

CVE

CWE

Training

CVE-2018-17281

Published: Sep 24, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade

mailing-list

x_refsource_BUGTRAQ

https://issues.asterisk.org/jira/browse/ASTERISK-28013

x_refsource_CONFIRM

[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_BID

http://downloads.asterisk.org/pub/security/AST-2018-009.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.