Debian Asterisk vulnerabilities

CVE-2017-17850 [HIGH] CVE-2017-17850: asterisk - An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 ... An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerabi

CVE-2017-17090 [HIGH] CVE-2017-17090: asterisk - An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and old... An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to

CVE-2017-14098 [HIGH] CVE-2017-14098: asterisk - In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x... In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. Scope: local bullseye: resolved (fixed in 1:13.17.1~dfsg-1) sid: resolved (fixed in 1:13.17.1~dfsg-1)

CVE-2017-16671 [HIGH] CVE-2017-16671: asterisk - A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1... A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffe

CVE-2017-14099 [HIGH] CVE-2017-14099: asterisk - In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, ... In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that le

CVE-2017-17664 [MEDIUM] CVE-2017-17664: asterisk - A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4,... A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack. Scope: local bullseye: resolved (fixed in 1:13.18.5~dfsg-1) sid: resolved (fixed in 1:13.18.5~dfsg-1)

CVE-2017-16672 [MEDIUM] CVE-2017-16672: asterisk - An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.... An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Event

CVE-2016-7550 [HIGH] CVE-2016-7550: asterisk - asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impac... asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). Scope: local bullseye: resolved (fixed in 1:13.11.2~dfsg-1) sid: resolved (fixed in 1:13.11.2~dfsg-1)

CVE-2016-7551 [HIGH] CVE-2016-7551: asterisk - chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certi... chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). Scope: local bullseye: resolved (fixed in 1:13.11.2~dfsg-1) sid: resolved (fixed in 1:13.11.2~dfsg-1)

CVE-2016-9938 [MEDIUM] CVE-2016-9938: asterisk - An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before... An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC

CVE-2016-2316 [MEDIUM] CVE-2016-2316: asterisk - chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x befo... chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retr

CVE-2016-2232 [MEDIUM] CVE-2016-2232: asterisk - Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 an... Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost. Scope: l

CVE-2016-9937 [HIGH] CVE-2016-9937: asterisk - An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13... An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating th

CVE-2015-3008 [MEDIUM] CVE-2015-3008: asterisk - Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.... Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, whi

CVE-2015-1558 [LOW] CVE-2015-1558: asterisk - Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the P... Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs. Scope: local bullseye: resolved (fixed in 1:13.1.0~dfsg-1.1) sid: resolved (fix

CVE-2014-8418 [CRITICAL] CVE-2014-8418: asterisk - The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x befor... The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol. Scope: local bullseye: resol

CVE-2014-2286 [HIGH] CVE-2014-2286: asterisk - main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1,... main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. Scope: local bull

CVE-2014-8413 [HIGH] CVE-2014-8413: asterisk - The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x bef... The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules. Scope: local bullseye: resolved (fixed in 1:13.1.0~dfsg-1) sid: resolved (fixed in 1:13.1.0~dfsg-1)

CVE-2014-9374 [MEDIUM] CVE-2014-9374: asterisk - Double free vulnerability in the WebSocket Server (res_http_websocket module) in... Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame. Scope: local bullseye: resolved

CVE-2014-8415 [MEDIUM] CVE-2014-8415: asterisk - Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x bef... Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing. Scope: local bullseye: resolved (fixed in 1:13.1.0~dfsg-1) sid: r