Vulnerability Details CVE-2018-12228
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.8
References
- http://downloads.asterisk.org/pub/security/AST-2018-007.html
- http://www.securityfocus.com/bid/104457
- https://issues.asterisk.org/jira/browse/ASTERISK-27807
- http://downloads.asterisk.org/pub/security/AST-2018-007.html
- http://www.securityfocus.com/bid/104457
- https://issues.asterisk.org/jira/browse/ASTERISK-27807
Products affected by CVE-2018-12228
-
cpe:2.3:a:sangoma:asterisk:15.0.0
-
cpe:2.3:a:sangoma:asterisk:15.1.0
-
cpe:2.3:a:sangoma:asterisk:15.1.2
-
cpe:2.3:a:sangoma:asterisk:15.1.4
-
cpe:2.3:a:sangoma:asterisk:15.1.5
-
cpe:2.3:a:sangoma:asterisk:15.2.0
-
cpe:2.3:a:sangoma:asterisk:15.2.1
-
cpe:2.3:a:sangoma:asterisk:15.2.2
-
cpe:2.3:a:sangoma:asterisk:15.3.0
-
cpe:2.3:a:sangoma:asterisk:15.4.0