CVE-2014-9374

CVE Database · CVE-2014-9374

CVE-2014-9374

· N/AModified

CVSS v3.1

N/A

EPSS

9.53%

Published

Dec 12, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

Affected Products (80)

digium · certified_asteriskvulnerable

digium · asteriskvulnerable

References (18)

http://advisories.mageia.org/MGASA-2015-0010.html

http://downloads.asterisk.org/pub/security/AST-2014-019.html

PatchVendor Advisory

http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html

http://seclists.org/fulldisclosure/2014/Dec/48

http://secunia.com/advisories/60251

http://www.mandriva.com/security/advisories?name=MDVSA-2015:018

http://www.securityfocus.com/archive/1/534197/100/0/threaded

http://www.securityfocus.com/bid/71607

http://www.securitytracker.com/id/1031345

http://advisories.mageia.org/MGASA-2015-0010.html

KEV Catalog EPSS Scores Vendors All CVEs

digium · asteriskvulnerable

PatchVendor Advisory