5

CVE-2014-9374

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

Data is provided by the National Vulnerability Database (NVD)
DigiumCertified Asterisk Version11.6 Updatecert1 SwEditionlts
DigiumCertified Asterisk Version11.6 Updatecert2 SwEditionlts
DigiumCertified Asterisk Version11.6 Updatecert3 SwEditionlts
DigiumCertified Asterisk Version11.6 Updatecert4 SwEditionlts
DigiumCertified Asterisk Version11.6 Updatecert5 SwEditionlts
DigiumCertified Asterisk Version11.6 Updatecert6 SwEditionlts
DigiumCertified Asterisk Version11.6 Updatecert7 SwEditionlts
DigiumCertified Asterisk Version11.6 Updatecert8 SwEditionlts
DigiumCertified Asterisk Version11.6.0 SwEditionlts
DigiumAsterisk Version11.0.0
DigiumAsterisk Version11.0.0 Updatebeta1
DigiumAsterisk Version11.0.0 Updatebeta2
DigiumAsterisk Version11.0.0 Updaterc1
DigiumAsterisk Version11.0.0 Updaterc2
DigiumAsterisk Version11.1.0
DigiumAsterisk Version11.1.0 Updaterc1
DigiumAsterisk Version11.1.0 Updaterc2
DigiumAsterisk Version11.1.0 Updaterc3
DigiumAsterisk Version11.2.0
DigiumAsterisk Version11.2.0 Updaterc1
DigiumAsterisk Version11.2.0 Updaterc2
DigiumAsterisk Version11.3.0 Updaterc1
DigiumAsterisk Version11.3.0 Updaterc2
DigiumAsterisk Version11.4.0
DigiumAsterisk Version11.4.0 Updaterc1
DigiumAsterisk Version11.4.0 Updaterc2
DigiumAsterisk Version11.4.0 Updaterc3
DigiumAsterisk Version11.4.0 Updaterc4
DigiumAsterisk Version11.5.0
DigiumAsterisk Version11.5.0 Updaterc1
DigiumAsterisk Version11.5.0 Updaterc2
DigiumAsterisk Version11.6.0
DigiumAsterisk Version11.6.0 Updaterc1
DigiumAsterisk Version11.6.0 Updaterc2
DigiumAsterisk Version11.7.0
DigiumAsterisk Version11.7.0 Updaterc1
DigiumAsterisk Version11.7.0 Updaterc2
DigiumAsterisk Version11.8.0
DigiumAsterisk Version11.8.0 Updaterc1
DigiumAsterisk Version11.8.0 Updaterc2
DigiumAsterisk Version11.8.0 Updaterc3
DigiumAsterisk Version11.9.0
DigiumAsterisk Version11.9.0 Updaterc1
DigiumAsterisk Version11.9.0 Updaterc2
DigiumAsterisk Version11.9.0 Updaterc3
DigiumAsterisk Version11.10.0
DigiumAsterisk Version11.10.0 Updaterc1
DigiumAsterisk Version11.11.0
DigiumAsterisk Version11.11.0 Updaterc1
DigiumAsterisk Version11.12.0
DigiumAsterisk Version11.12.0 Updaterc1
DigiumAsterisk Version11.13.0
DigiumAsterisk Version11.13.0 Updaterc1
DigiumAsterisk Version11.14.0
DigiumAsterisk Version11.14.0 Updaterc1
DigiumAsterisk Version11.14.0 Updaterc2
DigiumAsterisk Version12.0.0
DigiumAsterisk Version12.1.0
DigiumAsterisk Version12.1.0 Updaterc1
DigiumAsterisk Version12.1.0 Updaterc2
DigiumAsterisk Version12.1.0 Updaterc3
DigiumAsterisk Version12.2.0
DigiumAsterisk Version12.2.0 Updaterc1
DigiumAsterisk Version12.2.0 Updaterc2
DigiumAsterisk Version12.2.0 Updaterc3
DigiumAsterisk Version12.3.0
DigiumAsterisk Version12.3.0 Updaterc1
DigiumAsterisk Version12.3.0 Updaterc2
DigiumAsterisk Version12.4.0
DigiumAsterisk Version12.4.0 Updaterc1
DigiumAsterisk Version12.5.0
DigiumAsterisk Version12.5.0 Updaterc1
DigiumAsterisk Version12.6.0
DigiumAsterisk Version12.6.0 Updaterc1
DigiumAsterisk Version12.7.0
DigiumAsterisk Version12.7.0 Updaterc1
DigiumAsterisk Version12.7.0 Updaterc2
DigiumAsterisk Version12.7.1
DigiumAsterisk Version13.0.0
DigiumAsterisk Version13.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 49.12% 0.977
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P