CVE-2014-9374

Medium

5/10

Summary

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: NONE
Availability Impact: PARTIAL

References

Advisory Timeline

Published Dec 12, 2014

CVE-2014-9374

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS