Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Digium Asterisk和Certified Asterisk 安全漏洞
Vulnerability Description
Digium Asterisk和Certified Asterisk都是美国Digium公司的开源电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Digium Asterisk和Certified Asterisk中存在安全漏洞,该漏洞源于程序没有充分的验证RTCP数据包。攻击者可利用该漏洞读取缓冲区内容。以下产品和版本受到影响:Asterisk 11.25.3之前的11.x版本,13.17.2之前的13.x版本,14.6.2之前的14.x版本;Certifi
CVSS Information
N/A
Vulnerability Type
N/A