VDB
GCVE-110-MAGEIA-2014-171
GCVE-110-MAGEIA-2014-171
Advisory Published
Updated asterisk packages fix security vulnerabilities:
In Asterisk before 11.6.1, a 16 bit SMS message that contains an odd message
length value will cause the message decoding loop to run forever. The message
buffer is not on the stack but will be overflowed resulting in corrupted
memory and an immediate crash (CVE-2013-7100).
In Asterisk before 11.6.1, external control protocols, such as the Asterisk
Manager Interface, often have the ability to get and set channel variables;
this allows the execution of dialplan functions. Reading the SHELL() function
can execute arbitrary commands on the system Asterisk is running on. Writing
to the FILE() function can change any file that Asterisk has write access to.
When these functions are executed from an external protocol, that execution
could result in a privilege escalation (AST-2013-007).
In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk
with a large number of Cookie headers could overflow the stack. You could
even exhaust memory if you sent an unlimited number of headers in the request
(CVE-2014-2286).
In Asterisk before 11.8.1, an attacker can use all available file descriptors
using SIP INVITE requests. Each INVITE meeting certain conditions will leak a
channel and several file descriptors. The file descriptors cannot be released
without restarting Asterisk which may allow intrusion detection systems to be
bypassed by sending the requests slowly (CVE-2014-2287).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | clucene | 0 (affected), 2.3.3.4-3.1.mga3 (unaffected) | — |
| Mageia | clucene | 0 (affected), 2.3.3.4-4.1.mga4 (unaffected) | — |
| Mageia | asterisk | 0 (affected), 0 (affected), 11.8.1-1.mga3 (unaffected), 11.8.1-1.mga3 (unaffected) | — |
References
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.