CVE-2014-8414

Severity

50%

Complexity

99%

Confidentiality

48%

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Digium Certified Asterisk

First reported 10 years ago

2014-11-24 15:59:00

Last updated 10 years ago

2014-12-30 21:18:00

Affected Software

Digium Certified Asterisk 11.6 cert 1 LTS

11.6

Digium Certified Asterisk 11.6 cert 2 LTS

11.6

Digium Certified Asterisk 11.6 cert 3 LTS

11.6

Digium Certified Asterisk 11.6 cert 4 LTS

11.6

Digium Certified Asterisk 11.6 cert 5 LTS

11.6

Digium Certified Asterisk 11.6 cert 6 LTS

11.6

Digium Certified Asterisk 11.6 cert 7 LTS

11.6

Digium Certified Asterisk 11.6.0 LTS

11.6.0

References

http://downloads.asterisk.org/pub/security/AST-2014-014.html

20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.