CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

Published: Feb 22, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-7284
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
digium / asterisk	15.0.0	15.2.1.x
digium / asterisk	14.0.0	14.7.5.x
digium / asterisk	-	13.19.1.x
digium / certified_asterisk	13.18-cert1	13.18-cert1.x
digium / certified_asterisk	13.18-cert2	13.18-cert2.x
digium / certified_asterisk	-	13.18.x
debian / debian_linux	9.0	9.0.x

Vulnerability Database

289,697

CVE-2018-7284