CVE-2018-17281

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-17281
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17281.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-17281
Downstream
Published
2018-09-24T22:29:01.580Z
Modified
2026-04-11T12:07:43.717796Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Introduced
85335355efb2d7914a1fe20ed31afcef15fd210c
Last affected
8ac08a916c7fcc1ceecf3d682a1877c46deab626
Introduced
c6d6dd133c3db3b202f1f0d457780c9a6d841e0f
Last affected
fdaecead781e4216a68c672ad0864ca895a47141
Introduced
d4cc63728def7ca06ad3f70547de87bc5c9ef7c0
Last affected
8b6edb7502ee79f73ce3d8396e8f06ce00f8f042
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bf004c4584649d080979c4f877a6e9d3e793467c
Last affected
e3b1f2dfd87b098b22829ddba204a3d19c38306a
Last affected
2db4f6c01283e7491c3ee3b7507e59e5367df0ea
Last affected
5a25b825276c8df42d7d10579957f26d3c777fbf
Last affected
2eb8714f7c74342bb5bef4f54570f289cc43cc8b
Last affected
76ee915193c568d4fdfd6a30df2793f4711d2b6d
Last affected
13e940b985e514957ba16db34aeba17a67641cde
Last affected
9931aa6c6ff8554881f52d83108e9ffada85e184
Last affected
d50b5d4f4c312db9258fd5c76ab21591690e2c2e
Last affected
7b599be0d69ab2054e7ae3f69108137304d2beb3
Last affected
1bd1bd1178af16e6c04b39090a35ee03c37cc252
Last affected
2f9e79aa6fefcfac5caafb1db8e5237122860a6e
Last affected
7ce04c1641d67df68eac94c5bf5f8aff8fd44d43
Last affected
45e0392397605b8c8d0d975c63e21dd7b2c951de
Last affected
ac0f73694b59317f776ea2f4b8f777327def154e
Last affected
ad7e072a6d32dc0468fa08daa86bf302a7c057ab
Last affected
f0955f190a42e5c1ca20080d9e34d19c3c1b8646
Last affected
7d9a0a89df7e81b6bc821e92ebdda56e7f865a4b
Last affected
c1b521ad109122b09202e0cbf4018495bed6243b
Last affected
7e17de3d6634bcfcafe3e688807665e404580475
Last affected
f3969e49d194467a3cf5316c6ab6d5d9db2eba41
Last affected
c37d4abe63e0a37d659da04e3726ba687d4ef9f2
Last affected
1ee2ce8c703dd763d1779a877099640bb5cd46d0
Last affected
b8d1c8787e1cb329d294508a7d3f5d13da76216c
Last affected
3a76c2b0a9a51a0b80eaa8fea25ce728eb7db031
Last affected
9e5d6d7eb22a7e6af65406584c21d0b702dd92c3
Last affected
d661052e6d2eddae58bec5a04229c105d11e18f4
Last affected
742007f881f8cb04fe543fba4dbe5404589d9f14
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:digium:asterisk:*:*:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:digium:asterisk:*:*:*:*:standard:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:11.6:cert17:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:11.6:cert18:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.1:cert3:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.1:cert4:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.1:cert5:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.1:cert6:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.1:cert7:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.1:cert8:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.8:cert2:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.8:cert3:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.8:cert4:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.13:cert9:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:lts:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:lts:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "13.0.0"
        },
        {
            "last_affected": "13.23.0"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.7.7"
        },
        {
            "introduced": "15.0.0"
        },
        {
            "last_affected": "15.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.6-cert12"
        },
        {
            "last_affected": "11.6-cert13"
        },
        {
            "last_affected": "11.6-cert14"
        },
        {
            "last_affected": "11.6-cert15"
        },
        {
            "last_affected": "11.6-cert16"
        },
        {
            "last_affected": "11.6-cert17"
        },
        {
            "last_affected": "11.6-cert18"
        },
        {
            "last_affected": "13.1-cert3"
        },
        {
            "last_affected": "13.1-cert4"
        },
        {
            "last_affected": "13.1-cert5"
        },
        {
            "last_affected": "13.1-cert6"
        },
        {
            "last_affected": "13.1-cert7"
        },
        {
            "last_affected": "13.1-cert8"
        },
        {
            "last_affected": "13.8-cert1"
        },
        {
            "last_affected": "13.8-cert2"
        },
        {
            "last_affected": "13.8-cert3"
        },
        {
            "last_affected": "13.8-cert4"
        },
        {
            "last_affected": "13.13-cert1"
        },
        {
            "last_affected": "13.13-cert2"
        },
        {
            "last_affected": "13.13-cert3"
        },
        {
            "last_affected": "13.13-cert4"
        },
        {
            "last_affected": "13.13-cert5"
        },
        {
            "last_affected": "13.13-cert6"
        },
        {
            "last_affected": "13.13-cert7"
        },
        {
            "last_affected": "13.13-cert8"
        },
        {
            "last_affected": "13.13-cert9"
        },
        {
            "last_affected": "13.21-cert1"
        },
        {
            "last_affected": "13.21-cert2"
        }
    ]
}

Affected versions

11.*
11.6.0
11.6.0-rc1
11.6.0-rc2
13.*
13.1.0
13.1.0-rc1
13.1.0-rc2
13.13.0
13.13.0-rc1
13.13.0-rc2
13.21.0-rc1
13.23.0
13.23.0-rc1
13.8.0
13.8.0-rc1
14.*
14.7.0
14.7.0-rc1
14.7.0-rc2
14.7.1
14.7.2
14.7.3
14.7.4
14.7.5
14.7.6
14.7.7
15.*
15.6.0
15.6.0-rc1
certified/11.*
certified/11.6-cert12
certified/11.6-cert13
certified/11.6-cert14
certified/11.6-cert14-rc1
certified/11.6-cert14-rc2
certified/11.6-cert15
certified/11.6-cert16
certified/11.6-cert17
certified/11.6-cert18
certified/13.*
certified/13.1-cert3
certified/13.1-cert4
certified/13.1-cert5
certified/13.1-cert6
certified/13.1-cert7
certified/13.1-cert8
certified/13.13-cert1
certified/13.13-cert1-rc1
certified/13.13-cert1-rc2
certified/13.13-cert1-rc3
certified/13.13-cert1-rc4
certified/13.13-cert2
certified/13.13-cert3
certified/13.13-cert4
certified/13.13-cert5
certified/13.13-cert6
certified/13.13-cert7
certified/13.13-cert8
certified/13.13-cert9
certified/13.21-cert1
certified/13.21-cert2
certified/13.8-cert1
certified/13.8-cert1-rc1
certified/13.8-cert1-rc2
certified/13.8-cert1-rc3
certified/13.8-cert2
certified/13.8-cert2-rc1
certified/13.8-cert3
certified/13.8-cert4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17281.json"