CVE-2014-2286

EPSS 46.21%
Published 18.04.2014 22:14:37
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Digium ≫ Asterisk Version1.8.0

Digium ≫ Asterisk Version1.8.0 Updatebeta1

Digium ≫ Asterisk Version1.8.0 Updatebeta2

Digium ≫ Asterisk Version1.8.0 Updatebeta3

Digium ≫ Asterisk Version1.8.0 Updatebeta4

Digium ≫ Asterisk Version1.8.0 Updatebeta5

Digium ≫ Asterisk Version1.8.0 Updaterc2

Digium ≫ Asterisk Version1.8.0 Updaterc3

Digium ≫ Asterisk Version1.8.0 Updaterc4

Digium ≫ Asterisk Version1.8.0 Updaterc5

Digium ≫ Asterisk Version1.8.1

Digium ≫ Asterisk Version1.8.1 Updaterc1

Digium ≫ Asterisk Version1.8.1.1

Digium ≫ Asterisk Version1.8.1.2

Digium ≫ Asterisk Version1.8.2

Digium ≫ Asterisk Version1.8.2.1

Digium ≫ Asterisk Version1.8.2.2

Digium ≫ Asterisk Version1.8.2.3

Digium ≫ Asterisk Version1.8.2.4

Digium ≫ Asterisk Version1.8.3

Digium ≫ Asterisk Version1.8.3 Updaterc1

Digium ≫ Asterisk Version1.8.3 Updaterc2

Digium ≫ Asterisk Version1.8.3 Updaterc3

Digium ≫ Asterisk Version1.8.3.1

Digium ≫ Asterisk Version1.8.3.2

Digium ≫ Asterisk Version1.8.3.3

Digium ≫ Asterisk Version1.8.4

Digium ≫ Asterisk Version1.8.4 Updaterc1

Digium ≫ Asterisk Version1.8.4 Updaterc2

Digium ≫ Asterisk Version1.8.4 Updaterc3

Digium ≫ Asterisk Version1.8.4.1

Digium ≫ Asterisk Version1.8.4.2

Digium ≫ Asterisk Version1.8.4.3

Digium ≫ Asterisk Version1.8.4.4

Digium ≫ Asterisk Version1.8.5

Digium ≫ Asterisk Version1.8.5 Updaterc1

Digium ≫ Asterisk Version1.8.5.0

Digium ≫ Asterisk Version1.8.6.0

Digium ≫ Asterisk Version1.8.6.0 Updaterc1

Digium ≫ Asterisk Version1.8.6.0 Updaterc2

Digium ≫ Asterisk Version1.8.6.0 Updaterc3

Digium ≫ Asterisk Version1.8.7.0

Digium ≫ Asterisk Version1.8.7.0 Updaterc1

Digium ≫ Asterisk Version1.8.7.0 Updaterc2

Digium ≫ Asterisk Version1.8.7.1

Digium ≫ Asterisk Version1.8.8.0

Digium ≫ Asterisk Version1.8.8.0 Update-

Digium ≫ Asterisk Version1.8.8.0 Updatepatch

Digium ≫ Asterisk Version1.8.8.0 Updaterc1

Digium ≫ Asterisk Version1.8.8.0 Updaterc2

Digium ≫ Asterisk Version1.8.8.0 Updaterc3

Digium ≫ Asterisk Version1.8.8.0 Updaterc4

Digium ≫ Asterisk Version1.8.8.0 Updaterc5

Digium ≫ Asterisk Version1.8.8.1

Digium ≫ Asterisk Version1.8.8.2

Digium ≫ Asterisk Version1.8.9.0

Digium ≫ Asterisk Version1.8.9.0 Update-

Digium ≫ Asterisk Version1.8.9.0 Updaterc1

Digium ≫ Asterisk Version1.8.9.0 Updaterc2

Digium ≫ Asterisk Version1.8.9.0 Updaterc3

Digium ≫ Asterisk Version1.8.9.1

Digium ≫ Asterisk Version1.8.9.2

Digium ≫ Asterisk Version1.8.9.3

Digium ≫ Asterisk Version1.8.10.0

Digium ≫ Asterisk Version1.8.10.0 Update-

Digium ≫ Asterisk Version1.8.10.0 Updaterc1

Digium ≫ Asterisk Version1.8.10.0 Updaterc2

Digium ≫ Asterisk Version1.8.10.0 Updaterc3

Digium ≫ Asterisk Version1.8.10.0 Updaterc4

Digium ≫ Asterisk Version1.8.10.1

Digium ≫ Asterisk Version1.8.11.0

Digium ≫ Asterisk Version1.8.11.0 Update-

Digium ≫ Asterisk Version1.8.11.0 Updatepatch

Digium ≫ Asterisk Version1.8.11.0 Updaterc2

Digium ≫ Asterisk Version1.8.11.0 Updaterc3

Digium ≫ Asterisk Version1.8.11.1

Digium ≫ Asterisk Version1.8.11.1 Update-

Digium ≫ Asterisk Version1.8.11.1 Updatepatch

Digium ≫ Asterisk Version1.8.12

Digium ≫ Asterisk Version1.8.12.0

Digium ≫ Asterisk Version1.8.12.0 Update-

Digium ≫ Asterisk Version1.8.12.0 Updaterc1

Digium ≫ Asterisk Version1.8.12.0 Updaterc2

Digium ≫ Asterisk Version1.8.12.0 Updaterc3

Digium ≫ Asterisk Version1.8.12.1

Digium ≫ Asterisk Version1.8.12.2

Digium ≫ Asterisk Version1.8.13.0

Digium ≫ Asterisk Version1.8.13.0 Updaterc1

Digium ≫ Asterisk Version1.8.13.0 Updaterc2

Digium ≫ Asterisk Version1.8.13.1

Digium ≫ Asterisk Version1.8.14.0 Update-

Digium ≫ Asterisk Version1.8.14.0 Updatepatch

Digium ≫ Asterisk Version1.8.14.0 Updaterc1

Digium ≫ Asterisk Version1.8.14.0 Updaterc2

Digium ≫ Asterisk Version1.8.14.1

Digium ≫ Asterisk Version1.8.14.1 Update-

Digium ≫ Asterisk Version1.8.14.1 Updatepatch

Digium ≫ Asterisk Version1.8.15.0

Digium ≫ Asterisk Version1.8.15.0 Update-

Digium ≫ Asterisk Version1.8.15.0 Updaterc1

Digium ≫ Asterisk Version1.8.15.1

Digium ≫ Asterisk Version1.8.16.0

Digium ≫ Asterisk Version1.8.16.0 Update-

Digium ≫ Asterisk Version1.8.16.0 Updaterc1

Digium ≫ Asterisk Version1.8.16.0 Updaterc2

Digium ≫ Asterisk Version1.8.17.0

Digium ≫ Asterisk Version1.8.17.0 Update-

Digium ≫ Asterisk Version1.8.17.0 Updatepatch

Digium ≫ Asterisk Version1.8.17.0 Updaterc1

Digium ≫ Asterisk Version1.8.17.0 Updaterc2

Digium ≫ Asterisk Version1.8.17.0 Updaterc3

Digium ≫ Asterisk Version1.8.18.0

Digium ≫ Asterisk Version1.8.18.0 Update-

Digium ≫ Asterisk Version1.8.18.0 Updaterc1

Digium ≫ Asterisk Version1.8.18.1

Digium ≫ Asterisk Version1.8.19.0

Digium ≫ Asterisk Version1.8.19.0 Update-

Digium ≫ Asterisk Version1.8.19.0 Updaterc1

Digium ≫ Asterisk Version1.8.19.0 Updaterc3

Digium ≫ Asterisk Version1.8.19.1

Digium ≫ Asterisk Version1.8.20.0 Update-

Digium ≫ Asterisk Version1.8.20.0 Updatepatch

Digium ≫ Asterisk Version1.8.20.0 Updaterc1

Digium ≫ Asterisk Version1.8.20.0 Updaterc2

Digium ≫ Asterisk Version1.8.20.1 Update-

Digium ≫ Asterisk Version1.8.20.1 Updatepatch

Digium ≫ Asterisk Version1.8.20.2 Update-

Digium ≫ Asterisk Version1.8.20.2 Updatepatch

Digium ≫ Asterisk Version1.8.21.0 Update-

Digium ≫ Asterisk Version1.8.21.0 Updaterc1

Digium ≫ Asterisk Version1.8.21.0 Updaterc2

Digium ≫ Asterisk Version1.8.22.0 Update-

Digium ≫ Asterisk Version1.8.22.0 Updaterc1

Digium ≫ Asterisk Version1.8.22.0 Updaterc2

Digium ≫ Asterisk Version1.8.23.0 Update-

Digium ≫ Asterisk Version1.8.23.0 Updatepatch

Digium ≫ Asterisk Version1.8.23.0 Updaterc1

Digium ≫ Asterisk Version1.8.23.0 Updaterc2

Digium ≫ Asterisk Version1.8.23.1

Digium ≫ Asterisk Version1.8.24.0 Update-

Digium ≫ Asterisk Version1.8.24.0 Updaterc1

Digium ≫ Asterisk Version1.8.24.0 Updaterc2

Digium ≫ Asterisk Version1.8.24.1

Digium ≫ Asterisk Version1.8.25.0 Update-

Digium ≫ Asterisk Version1.8.25.0 Updaterc1

Digium ≫ Asterisk Version1.8.25.0 Updaterc2

Digium ≫ Asterisk Version1.8.26.0 Update-

Digium ≫ Asterisk Version1.8.26.0 Updaterc1

Digium ≫ Asterisk Version11.8.0 Update-

Digium ≫ Asterisk Version11.8.0 Updaterc1

Digium ≫ Asterisk Version11.8.0 Updaterc2

Digium ≫ Asterisk Version11.8.0 Updaterc3

Digium ≫ Asterisk Version12.1.0 Update-

Digium ≫ Asterisk Version12.1.0 Updaterc1

Digium ≫ Asterisk Version12.1.0 Updaterc2

Digium ≫ Asterisk Version12.1.0 Updaterc3

Fedoraproject ≫ Fedora Version19

Fedoraproject ≫ Fedora Version20

Digium ≫ Certified Asterisk Version1.8.0.0 Update-

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta1

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta2

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta3

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta4

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta5

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc4

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc5

Digium ≫ Certified Asterisk Version1.8.1.0 Update-

Digium ≫ Certified Asterisk Version1.8.1.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.2.0 Update-

Digium ≫ Certified Asterisk Version1.8.2.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.3.0 Update-

Digium ≫ Certified Asterisk Version1.8.3.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.3.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.3.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.4.0 Update-

Digium ≫ Certified Asterisk Version1.8.4.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.4.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.4.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.5.0 Update-

Digium ≫ Certified Asterisk Version1.8.5.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.6.0 Update-

Digium ≫ Certified Asterisk Version1.8.6.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.6.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.6.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.7.0 Update-

Digium ≫ Certified Asterisk Version1.8.7.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.7.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.8.0 Update-

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc4

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc5

Digium ≫ Certified Asterisk Version1.8.9.0 Update-

Digium ≫ Certified Asterisk Version1.8.9.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.9.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.9.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.10.0 Update-

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc4

Digium ≫ Certified Asterisk Version1.8.11.0 Update-

Digium ≫ Certified Asterisk Version1.8.11.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.11.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.11.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.12.0 Update-

Digium ≫ Certified Asterisk Version1.8.12.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.12.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.12.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.13.0 Update-

Digium ≫ Certified Asterisk Version1.8.13.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.13.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.14.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.14.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.15 Update-

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1_rc1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1_rc2

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1_rc3

Digium ≫ Certified Asterisk Version1.8.15 Updatecert2

Digium ≫ Certified Asterisk Version1.8.15 Updatecert3

Digium ≫ Certified Asterisk Version1.8.15 Updatecert4

Digium ≫ Certified Asterisk Version11.6 Updatecert1

Digium ≫ Certified Asterisk Version11.6 Updatecert1_rc1

Digium ≫ Certified Asterisk Version11.6 Updatecert1_rc2

Digium ≫ Certified Asterisk Version11.6.0 Update-

Digium ≫ Certified Asterisk Version11.6.0 Updaterc1

Digium ≫ Certified Asterisk Version11.6.0 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	46.21%	0.973

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff

Patch

http://downloads.asterisk.org/pub/security/AST-2014-001.html

Patch

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html

http://www.mandriva.com/security/advisories?name=MDVSA-2014:078

http://www.securityfocus.com/bid/66093

https://issues.asterisk.org/jira/browse/ASTERISK-23340

https://nvd.nist.gov/vuln/detail/CVE-2014-2286

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2286

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2286

EUVD