Lucene search

[email protected]CVE-2014-9374

HistoryDec 12, 2014 - 3:59 p.m.

CVE-2014-9374

2014-12-1215:59:14

[email protected]

web.nvd.nist.gov

cve-2014-9374

websocket server

asterisk open source

vulnerability

denial of service

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.035 Low

EPSS

Percentile

91.6%

JSON

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

Affected configurations

NVD

Node

digiumcertified_asteriskMatch11.6cert1lts

digiumcertified_asteriskMatch11.6cert2lts

digiumcertified_asteriskMatch11.6cert3lts

digiumcertified_asteriskMatch11.6cert4lts

digiumcertified_asteriskMatch11.6cert5lts

digiumcertified_asteriskMatch11.6cert6lts

digiumcertified_asteriskMatch11.6cert7lts

digiumcertified_asteriskMatch11.6cert8lts

digiumcertified_asteriskMatch11.6.0lts

Node

digiumasteriskMatch11.0.0

digiumasteriskMatch11.0.0beta1

digiumasteriskMatch11.0.0beta2

digiumasteriskMatch11.0.0rc1

digiumasteriskMatch11.0.0rc2

digiumasteriskMatch11.1.0

digiumasteriskMatch11.1.0rc1

digiumasteriskMatch11.1.0rc2

digiumasteriskMatch11.1.0rc3

digiumasteriskMatch11.2.0

digiumasteriskMatch11.2.0rc1

digiumasteriskMatch11.2.0rc2

digiumasteriskMatch11.3.0rc1

digiumasteriskMatch11.3.0rc2

digiumasteriskMatch11.4.0

digiumasteriskMatch11.4.0rc1

digiumasteriskMatch11.4.0rc2

digiumasteriskMatch11.4.0rc3

digiumasteriskMatch11.4.0rc4

digiumasteriskMatch11.5.0

digiumasteriskMatch11.5.0rc1

digiumasteriskMatch11.5.0rc2

digiumasteriskMatch11.6.0

digiumasteriskMatch11.6.0rc1

digiumasteriskMatch11.6.0rc2

digiumasteriskMatch11.7.0

digiumasteriskMatch11.7.0rc1

digiumasteriskMatch11.7.0rc2

digiumasteriskMatch11.8.0

digiumasteriskMatch11.8.0rc1

digiumasteriskMatch11.8.0rc2

digiumasteriskMatch11.8.0rc3

digiumasteriskMatch11.9.0

digiumasteriskMatch11.9.0rc1

digiumasteriskMatch11.9.0rc2

digiumasteriskMatch11.9.0rc3

digiumasteriskMatch11.10.0

digiumasteriskMatch11.10.0rc1

digiumasteriskMatch11.11.0

digiumasteriskMatch11.11.0rc1

digiumasteriskMatch11.12.0

digiumasteriskMatch11.12.0rc1

digiumasteriskMatch11.13.0

digiumasteriskMatch11.13.0rc1

digiumasteriskMatch11.14.0

digiumasteriskMatch11.14.0rc1

digiumasteriskMatch11.14.0rc2

digiumasteriskMatch12.0.0

digiumasteriskMatch12.1.0

digiumasteriskMatch12.1.0rc1

digiumasteriskMatch12.1.0rc2

digiumasteriskMatch12.1.0rc3

digiumasteriskMatch12.2.0

digiumasteriskMatch12.2.0rc1

digiumasteriskMatch12.2.0rc2

digiumasteriskMatch12.2.0rc3

digiumasteriskMatch12.3.0

digiumasteriskMatch12.3.0rc1

digiumasteriskMatch12.3.0rc2

digiumasteriskMatch12.4.0

digiumasteriskMatch12.4.0rc1

digiumasteriskMatch12.5.0

digiumasteriskMatch12.5.0rc1

digiumasteriskMatch12.6.0

digiumasteriskMatch12.6.0rc1

digiumasteriskMatch12.7.0

digiumasteriskMatch12.7.0rc1

digiumasteriskMatch12.7.0rc2

digiumasteriskMatch12.7.1

digiumasteriskMatch13.0.0

digiumasteriskMatch13.0.1

CPENameOperatorVersion
digium:certified_asteriskdigium certified asteriskeq11.6
digium:certified_asteriskdigium certified asteriskeq11.6.0

CPE	Name	Operator	Version
digium:certified_asterisk	digium certified asterisk	eq	11.6
digium:certified_asterisk	digium certified asterisk	eq	11.6.0

References

advisories.mageia.org/MGASA-2015-0010.html

downloads.asterisk.org/pub/security/AST-2014-019.html

packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html

seclists.org/fulldisclosure/2014/Dec/48

secunia.com/advisories/60251

www.mandriva.com/security/advisories?name=MDVSA-2015:018

www.securityfocus.com/archive/1/534197/100/0/threaded

www.securityfocus.com/bid/71607

www.securitytracker.com/id/1031345

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.035 Low

EPSS

Percentile

91.6%

JSON

Related for CVE-2014-9374

mageia1 nessus4 nvd1 ubuntucve1 securityvulns2 openvas2 prion1 freebsd1 cvelist1 debiancve1 gentoo1