FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Buffer overflow in CDR's set user

Affected packages
asterisk13 < 13.14.1

Details

VuXML ID 356b02e9-1954-11e7-9608-001999f8d30b
Discovery 2017-03-27
Entry 2017-04-04

The Asterisk project reports:

No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.

[source]

References

URL http://downloads.asterisk.org/pub/security/AST-2017-001.html
URL https://issues.asterisk.org/jira/browse/ASTERISK-26897

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.