FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- An unsuspecting user could crash Asterisk with multiple hold/unhold requests

Affected packages
16.16.0 <= asterisk16 < 16.16.1
18.2.0 <= asterisk18 < 18.2.1

Details

VuXML ID: ca21f5e7-7228-11eb-8386-001999f8d30b
Discovery: 2021-02-11
Entry: 2021-02-18

The Asterisk project reports:

Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.

References

CVE Name: CVE-2021-26714
URL: https://downloads.asterisk.org/pub/security/AST-2021-004.html