Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Asterisk IAX POKE请求远程拒绝服务漏洞
Vulnerability Description
Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk处理大量畸形请求时存在漏洞,如果远程攻击者向Asterisk服务器发送了大量IAX2 POKE请求的话,就可以耗尽服务器上所有与IAX2协议相关的呼叫号,导致其他IAX2呼叫无法通过。由于协议的性质,IAX2 POKE呼叫会等待ACK报文响应PONG报文。在等待ACK报文期间,这个对话会耗尽IAX2呼叫号,因为ACK报文必须包含有与PONG中所分配和发送完全相同的呼叫号。
CVSS Information
N/A
Vulnerability Type
N/A