CVE Vulnerabilities

CVE-2014-8414

Published: Nov 24, 2014 | Modified: Dec 30, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

Affected Software

Name Vendor Start Version End Version
Asterisk Digium * 11.14.0 (including)
Asterisk Ubuntu trusty *
Asterisk Ubuntu upstream *
Asterisk Ubuntu utopic *

References