cbcvebase.
CVE-2018-19278
published 2018-11-14

CVE-2018-19278: Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a…

PriorityP342high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
3.58%
87.9th percentile
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

Affected

35 ranges· showing 25
VendorProductVersion rangeFixed in
debianasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk>= 0 < 15.7.1-r015.7.1-r0
digiumasterisk>= 0 < 15.7.1-r015.7.1-r0
digiumasterisk>= 0 < 15.7.1-r015.7.1-r0
digiumasterisk>= 0 < 15.7.1-r015.7.1-r0
digiumasterisk>= 0 < 15.7.1-r015.7.1-r0
digiumasterisk>= 0 < 15.7.1-r015.7.1-r0
digiumasterisk>= 0 < 15.7.1-r015.7.1-r0

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.