CVE-2018-7285 — NULL Pointer Dereference in Asterisk

CWE-476 — NULL Pointer Dereference6 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 32.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedFeb 22

Latest updateMay 14

Description

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDdigium/asterisk15.0.0 — 15.2.1

▶debiandebian/asterisk

Patches

Patch: downloads.asterisk.org ↗Patch: downloads.asterisk.org ↗

🔴Vulnerability Details

GHSA

GHSA-2pjx-4j7g-wf3f: A NULL pointer access issue was discovered in Asterisk 15↗2022-05-14

▶

📋Vendor Advisories

Debian

CVE-2018-7285: asterisk - A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The ...↗2018

▶

💬Community

Bugzilla

CVE-2018-7285 asterisk: NULL Pointer Dereference in RTP [fedora-all]↗2018-02-22

▶

Bugzilla

CVE-2018-7285 asterisk: NULL Pointer Dereference in RTP [epel-6]↗2018-02-22

▶

Bugzilla

CVE-2018-7285 asterisk: NULL Pointer Dereference in RTP↗2018-02-22

▶