Vulnerability Details : CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
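The defect the advisory describes is a common one: values from a repeatable request header are copied into a fixed-capacity table (32 entries here) by a loop that never checks how many it has already stored. The following is an added illustration of that bug class and its bounded form; it is constructed example code, not the Asterisk res_pjsip_pubsub source, and the SUBSCRIBE message, struct and function names are assumptions made for the example. It parses a constructed SIP header section, stores at most 32 Accept values, and reports how many were present so a caller can log or reject an over-limit request.

```c
/* Added illustration for the bug class in CVE-2018-7284: Accept header values
 * are copied into a table with a fixed capacity of 32 entries, and the loop
 * must stop storing once that capacity is reached. This is constructed example
 * code, not the Asterisk res_pjsip_pubsub source; the message, struct and
 * function names are assumptions for the example. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ACCEPT_LIMIT 32  /* fixed table size described in the advisory */
#define FORMAT_LEN   64

struct accept_table {
    char formats[ACCEPT_LIMIT][FORMAT_LEN];
    size_t count;  /* entries stored; never exceeds ACCEPT_LIMIT */
};

/* Case-insensitive prefix test (SIP header names are case-insensitive). */
static int has_prefix_ci(const char *s, size_t len, const char *prefix)
{
    size_t plen = strlen(prefix);
    if (len < plen) return 0;
    for (size_t i = 0; i < plen; i++) {
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i])) return 0;
    }
    return 1;
}

/* Store one value; return -1 when the table is full instead of writing past it.
 * The unbounded variant (no count check before the copy) is the defect. */
static int accept_table_add(struct accept_table *t, const char *val, size_t len)
{
    if (t->count >= ACCEPT_LIMIT) return -1;
    if (len >= FORMAT_LEN) len = FORMAT_LEN - 1;  /* also bound the value copy */
    memcpy(t->formats[t->count], val, len);
    t->formats[t->count][len] = '\0';
    t->count++;
    return 0;
}

/* Walk the CRLF-delimited header section and collect Accept values.
 * Returns the number of Accept headers present (stored or dropped), so a
 * caller can log or reject a request carrying more than the table holds. */
size_t collect_accept_headers(const char *msg, struct accept_table *t)
{
    size_t seen = 0;
    const char *line = msg;
    memset(t, 0, sizeof(*t));
    while (*line) {
        const char *eol = strstr(line, "\r\n");
        size_t linelen = eol ? (size_t)(eol - line) : strlen(line);
        if (linelen == 0) break;  /* blank line ends the header section */
        if (has_prefix_ci(line, linelen, "Accept:")) {
            const char *v = line + 7, *end = line + linelen;
            while (v < end && isspace((unsigned char)*v)) v++;
            seen++;
            accept_table_add(t, v, (size_t)(end - v));
        }
        if (!eol) break;
        line = eol + 2;
    }
    return seen;
}

/* Build a constructed SUBSCRIBE header section with n_accept Accept headers
 * (sample input for the example, not a captured message). */
int build_subscribe(char *buf, size_t cap, int n_accept)
{
    int off = snprintf(buf, cap,
                       "SUBSCRIBE sip:alice@example.invalid SIP/2.0\r\nEvent: presence\r\n");
    for (int i = 0; i < n_accept && off >= 0 && (size_t)off < cap; i++) {
        off += snprintf(buf + off, cap - (size_t)off,
                        "Accept: application/pidf+xml;n=%d\r\n", i);
    }
    if (off < 0 || (size_t)off + 2 >= cap) return -1;
    off += snprintf(buf + off, cap - (size_t)off, "\r\n");
    return off;
}

/* Build, parse, and return the number of entries stored; *seen_out (optional)
 * receives the number of Accept headers that were present in the message. */
size_t stored_for(int n_accept, size_t *seen_out)
{
    static char buf[8192];
    struct accept_table t;
    size_t seen;
    if (build_subscribe(buf, sizeof buf, n_accept) < 0) return 0;
    seen = collect_accept_headers(buf, &t);
    if (seen_out) *seen_out = seen;
    return t.count;
}

/* Number of Accept headers present for a message with n_accept of them. */
size_t seen_for(int n_accept)
{
    size_t seen = 0;
    stored_for(n_accept, &seen);
    return seen;
}

int main(void)
{
    size_t seen;
    size_t stored = stored_for(40, &seen);
    printf("Accept headers present: %zu, stored: %zu (limit %d)\n",
           seen, stored, ACCEPT_LIMIT);
    return 0;
}
```

With 40 Accept headers the parser reports 40 present and stores 32; the gap between the two values is what a defender would log or use to reject the request, since a legitimate subscriber has no reason to advertise more formats than the server can record.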
Vulnerability category: Overflow
Products affected by CVE-2018-7284
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*
Threat overview for CVE-2018-7284
- Top countries where our scanners detected CVE-2018-7284: (not listed on this page)
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2018-7284: 14,106
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2018-7284
- EPSS score: 78.68% (probability of exploitation activity in the next 30 days)
- Percentile: ~98% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2018-7284
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-7284
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7284
- http://downloads.asterisk.org/pub/security/AST-2018-004.html (AST-2018-004; Patch, Vendor Advisory)
- https://www.exploit-db.com/exploits/44184/ (Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption; Exploit, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1040416 (Asterisk Accept Header Processing Error in 'res_pjsip_pubsub' Lets Remote Users Cause the Target Service to Crash - SecurityTracker; Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/103151 (Multiple Asterisk Products CVE-2018-7284 Denial of Service Vulnerability; Third Party Advisory, VDB Entry)
- https://www.debian.org/security/2018/dsa-4320 (Debian -- Security Information -- DSA-4320-1 asterisk; Third Party Advisory)