CVE-2014-8414
Published 2014-11-24
CVE-2014-8414: ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers…
Priority: P4 · 25 · medium
CVSS 2.0: 5 · AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.34% (81.5th percentile)
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:13.1.0~dfsg-1 (bullseye) | asterisk 1:13.1.0~dfsg-1 (bullseye) |
| digium | asterisk | <= 11.14.0 | — |
| digium | asterisk | >= 0 < 1:13.1.0~dfsg-1 | 1:13.1.0~dfsg-1 |
| digium | certified_asterisk | — | — |
| digium | certified_asterisk | — | — |
CVSS provenance
nvd·v2.0·5.0·MEDIUM·AV:N/AC:L/Au:N/C:N/I:N/A:P
osv·5.0·MEDIUM
vendor_debian·5.0·MEDIUM
Debian
CVE-2014-8414: asterisk - ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11...
vendor_debian·2014·CVSS 5.0
CVE-2014-8414 [MEDIUM] CVE-2014-8414: asterisk - ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11...
Scope: local
bullseye: resolved (fixed in 1:13.1.0~dfsg-1)
sid: resolved (fixed in 1:13.1.0~dfsg-1)
GHSA
GHSA-2mc6-x8h4-86rp: ConfBridge in Asterisk 11
ghsa_unreviewed·2022-05-17
CVE-2014-8414 [MEDIUM] GHSA-2mc6-x8h4-86rp: ConfBridge in Asterisk 11
OSV
CVE-2014-8414: ConfBridge in Asterisk 11
osv·2014-11-24·CVSS 5.0
CVE-2014-8414 [MEDIUM] CVE-2014-8414: ConfBridge in Asterisk 11
No detection rules found.
No public exploits indexed.
Published: 2014-11-24