CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

package       channel      channel version                   pkg version  status
asterisk      nixos-18.03  2019-02-20 10:25:14 UTC (cb0e20)  14.6.1       vulnerable
asterisk      nixos-18.03  2019-01-16 18:00:31 UTC (138f2c)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-12-09 06:05:37 UTC (b551f8)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-11-29 21:00:31 UTC (a18112)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-11-28 06:10:25 UTC (9c96d1)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-11-23 12:45:42 UTC (e64482)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-11-20 12:35:27 UTC (947247)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-11-16 21:00:27 UTC (263f7b)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-11-14 10:35:19 UTC (1d8470)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-11-05 13:10:34 UTC (21b7f5)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-11-02 08:50:28 UTC (0e614d)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-30 16:25:07 UTC (19fc6d)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-30 14:40:31 UTC (6f07d2)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-28 11:35:42 UTC (b4e3a4)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-15 12:50:34 UTC (5d19e3)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-13 20:20:17 UTC (e85e0c)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-13 09:40:17 UTC (d592f2)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-11 15:15:08 UTC (5a38f7)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-09 11:20:30 UTC (c56ede)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-05 13:25:12 UTC (862fb5)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-10-05 13:00:32 UTC (c4eddc)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-09-21 06:10:31 UTC (d16a7a)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-09-19 17:10:27 UTC (8edf56)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-09-18 17:55:38 UTC (305f13)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-09-16 07:30:36 UTC (01f5e7)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-09-13 15:30:12 UTC (5f59ab)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-09-08 09:20:09 UTC (45f52f)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-09-02 21:10:32 UTC (8b92a4)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-09-02 14:20:10 UTC (8c172c)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-09-01 13:55:20 UTC (a960b8)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-31 04:20:38 UTC (a37638)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-29 17:10:10 UTC (edd63e)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-24 19:10:30 UTC (fde201)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-23 23:50:20 UTC (f094fd)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-19 18:15:22 UTC (4df342)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-18 23:45:22 UTC (47b68d)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-17 21:25:22 UTC (a4e068)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-17 14:30:05 UTC (cd0cd9)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-16 13:20:15 UTC (c1ef96)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-16 08:30:34 UTC (8b4ed6)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-15 15:40:37 UTC (5b8a24)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-15 05:50:22 UTC (66bd47)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-14 17:35:19 UTC (9cbc73)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-13 09:25:26 UTC (10b979)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-13 03:20:34 UTC (89ff9f)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-12 04:35:15 UTC (bfeab2)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-12 00:00:33 UTC (190ec7)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-10 22:20:22 UTC (e42c07)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-10 17:05:22 UTC (2c3f9c)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-09 21:05:22 UTC (3af001)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-07 05:10:16 UTC (230f98)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-03 03:05:12 UTC (d0c868)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-02 12:45:41 UTC (18401b)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-02 06:10:24 UTC (0e55dd)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-08-01 00:55:32 UTC (a1299c)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-31 16:00:28 UTC (b74b1c)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-30 09:15:16 UTC (6115f4)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-20 17:40:08 UTC (d6c6c7)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-12 04:35:08 UTC (411cc5)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-10 08:10:12 UTC (aec217)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-10 03:15:29 UTC (5e10df)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-09 02:40:20 UTC (e930c6)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-08 17:55:36 UTC (de7ca4)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-08 10:25:33 UTC (298e17)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-07-04 20:00:25 UTC (56fad1)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-06-30 13:55:14 UTC (2f06e0)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-06-29 17:10:06 UTC (0a70d6)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-06-25 10:30:35 UTC (94d80e)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-06-23 08:30:21 UTC (91b286)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-06-21 23:25:24 UTC (68e02f)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-06-17 01:05:39 UTC (14c248)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-06-16 09:40:33 UTC (f3c913)  14.6.1       vulnerable
asterisk      nixos-18.03  2018-06-14 21:57:20 UTC (08d245)  14.6.1       vulnerable
asterisk-lts  nixos-18.03  2019-02-20 10:25:14 UTC (cb0e20)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2019-01-16 18:00:31 UTC (138f2c)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-12-09 06:05:37 UTC (b551f8)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-11-29 21:00:31 UTC (a18112)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-11-28 06:10:25 UTC (9c96d1)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-11-23 12:45:42 UTC (e64482)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-11-20 12:35:27 UTC (947247)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-11-16 21:00:27 UTC (263f7b)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-11-14 10:35:19 UTC (1d8470)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-11-05 13:10:34 UTC (21b7f5)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-11-02 08:50:28 UTC (0e614d)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-30 16:25:07 UTC (19fc6d)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-30 14:40:31 UTC (6f07d2)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-28 11:35:42 UTC (b4e3a4)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-15 12:50:34 UTC (5d19e3)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-13 20:20:17 UTC (e85e0c)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-13 09:40:17 UTC (d592f2)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-11 15:15:08 UTC (5a38f7)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-09 11:20:30 UTC (c56ede)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-05 13:25:12 UTC (862fb5)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-10-05 13:00:32 UTC (c4eddc)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-09-21 06:10:31 UTC (d16a7a)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-09-19 17:10:27 UTC (8edf56)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-09-18 17:55:38 UTC (305f13)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-09-16 07:30:36 UTC (01f5e7)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-09-13 15:30:12 UTC (5f59ab)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-09-08 09:20:09 UTC (45f52f)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-09-02 21:10:32 UTC (8b92a4)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-09-02 14:20:10 UTC (8c172c)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-09-01 13:55:20 UTC (a960b8)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-31 04:20:38 UTC (a37638)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-29 17:10:10 UTC (edd63e)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-24 19:10:30 UTC (fde201)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-23 23:50:20 UTC (f094fd)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-19 18:15:22 UTC (4df342)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-18 23:45:22 UTC (47b68d)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-17 21:25:22 UTC (a4e068)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-17 14:30:05 UTC (cd0cd9)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-16 13:20:15 UTC (c1ef96)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-16 08:30:34 UTC (8b4ed6)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-15 15:40:37 UTC (5b8a24)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-15 05:50:22 UTC (66bd47)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-14 17:35:19 UTC (9cbc73)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-13 09:25:26 UTC (10b979)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-13 03:20:34 UTC (89ff9f)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-12 04:35:15 UTC (bfeab2)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-12 00:00:33 UTC (190ec7)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-10 22:20:22 UTC (e42c07)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-10 17:05:22 UTC (2c3f9c)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-09 21:05:22 UTC (3af001)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-07 05:10:16 UTC (230f98)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-03 03:05:12 UTC (d0c868)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-02 12:45:41 UTC (18401b)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-02 06:10:24 UTC (0e55dd)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-08-01 00:55:32 UTC (a1299c)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-31 16:00:28 UTC (b74b1c)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-30 09:15:16 UTC (6115f4)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-20 17:40:08 UTC (d6c6c7)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-12 04:35:08 UTC (411cc5)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-10 08:10:12 UTC (aec217)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-10 03:15:29 UTC (5e10df)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-09 02:40:20 UTC (e930c6)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-08 17:55:36 UTC (de7ca4)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-08 10:25:33 UTC (298e17)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-07-04 20:00:25 UTC (56fad1)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-06-30 13:55:14 UTC (2f06e0)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-06-29 17:10:06 UTC (0a70d6)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-06-25 10:30:35 UTC (94d80e)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-06-23 08:30:21 UTC (91b286)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-06-21 23:25:24 UTC (68e02f)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-06-17 01:05:39 UTC (14c248)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-06-16 09:40:33 UTC (f3c913)  13.17.1      vulnerable
asterisk-lts  nixos-18.03  2018-06-14 21:57:20 UTC (08d245)  13.17.1      vulnerable