A flaw was discovered in Asterisk 13.x, 14.x, 15.x and 13.18. A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault and allows an attacker to perform a Denial of Service (DoS) attack.

References:
http://downloads.asterisk.org/pub/security/AST-2018-005.html
https://issues.asterisk.org/jira/browse/ASTERISK-27618

Patch:
http://downloads.asterisk.org/pub/security/AST-2018-005-13.diff [Asterisk 13]
http://downloads.asterisk.org/pub/security/AST-2018-005-14.diff [Asterisk 14]
http://downloads.asterisk.org/pub/security/AST-2018-005-15.diff [Asterisk 15]
http://downloads.asterisk.org/pub/security/AST-2018-005-13.18.diff [Certified Asterisk 13.18]

Created asterisk tracking bugs for this issue:

Affects: epel-6 [bug 1548139]
Affects: fedora-all [bug 1548138]

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.