[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-9374Date: (C)2014-12-22   (M)2023-12-22


Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1031345
http://www.securityfocus.com/archive/1/534197/100/0/threaded
SECUNIA-60251
BID-71607
MDVSA-2015:018
http://advisories.mageia.org/MGASA-2015-0010.html
http://downloads.asterisk.org/pub/security/AST-2014-019.html
http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html

CPE    65
cpe:/a:digium:asterisk:11.9.0:rc3
cpe:/a:digium:asterisk:11.10.0:rc1
cpe:/a:digium:asterisk:11.2.0:rc1
cpe:/a:digium:asterisk:12.7.0:rc1
...

© SecPod Technologies