Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Digium Asterisk Open Source 输入验证漏洞
Vulnerability Description
Digium Asterisk Open Source是美国Digium公司的一套开源的电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Digium Asterisk Open Source 12.7.0及之前版本和13.0.0及之前版本的PJSIP通道驱动程序中存在释放后重用漏洞。程序使用res_pjsip_refer模块时,远程攻击者可借助带有Replaces消息的in-dialog INVITE利用该漏洞造成拒绝服务(崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A