ID CVE-2018-12228
Summary An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.
References
Vulnerable Configurations
  • cpe:2.3:a:asterisk:open_source:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:open_source:15.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:open_source:15.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:open_source:15.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:open_source:15.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:open_source:15.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:open_source:15.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:open_source:15.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:open_source:15.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:open_source:15.4.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
refmap via4
bid 104457
confirm
Last major update 03-10-2019 - 00:03
Published 12-06-2018 - 04:29
Last modified 03-10-2019 - 00:03