CVE-2018-19278 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources

Severity

7.5HIGHNVD

EPSS

3.3%

top 12.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedNov 14

Latest updateMay 14

Description

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Alpinedigium/asterisk< 15.7.1-r0+16

▶NVDdigium/asterisk17 versions+16

▶debiandebian/asterisk

Patches

Patch: downloads.asterisk.org ↗Patch: downloads.asterisk.org ↗

🔴Vulnerability Details

GHSA

GHSA-47fm-v3pv-gm8p: Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15↗2022-05-14

▶

OSV

CVE-2018-19278: Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15↗2018-11-14

▶

📋Vendor Advisories

Debian

CVE-2018-19278: asterisk - Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6...↗2018

▶

💬Community

Bugzilla

CVE-2018-19278 asterisk: Buffer overflow in the DNS SRV and NAPTR lookups [fedora-all]↗2018-11-15

▶

Bugzilla

CVE-2018-19278 asterisk: Buffer overflow in the DNS SRV and NAPTR lookups↗2018-11-15

▶

Bugzilla

CVE-2018-19278 asterisk: Buffer overflow in the DNS SRV and NAPTR lookups [epel-6]↗2018-11-15

▶