CVE-2018-19278

CVE Database · CVE-2018-19278

CVE-2018-19278

· N/AModified

CVSS v3.1

N/A

EPSS

3.58%

Published

Nov 14, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

Weaknesses (CWE)

CWE-119

Affected Products (30)

digium · asteriskvulnerable

· asterisk

References (4)

https://downloads.asterisk.org/pub/security/AST-2018-010.html

PatchVendor Advisory

https://issues.asterisk.org/jira/browse/ASTERISK-28127

ExploitVendor Advisory

https://downloads.asterisk.org/pub/security/AST-2018-010.html

PatchVendor Advisory

https://issues.asterisk.org/jira/browse/ASTERISK-28127

ExploitVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs