← back
CVE-2018-7286

CVE-2018-7286

EPSS 39.5%
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44181/unverifiedexploitdbwww.exploit-db.com/exploits/44181unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://downloads.asterisk.org/pub/security/AST-2018-005.htmlhttps://issues.asterisk.org/jira/browse/ASTERISK-27618https://www.debian.org/security/2018/dsa-4320https://www.exploit-db.com/exploits/44181/http://www.securityfocus.com/bid/103129http://www.securitytracker.com/id/1040417