CVE-2018-19278
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-19278
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Digium Asterisk 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Digium Asterisk是美国Digium公司的一套开源电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Digium Asterisk 15.6.2之前的15.x版本和16.0.1之前的16.x版本中的DNS SRV和NAPTR查询存在缓冲区溢出漏洞,该漏洞源于程序使用压缩之后的长度而不是扩展之后的长度来匹配缓冲区的大小。远程攻击者可借助特制的DNS SRV或NAPTR响应利用该漏洞造成Asterisk崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2018-19278
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-19278
请登录查看更多情报信息。
- https://issues.asterisk.org/jira/browse/ASTERISK-28127x_refsource_MISC
- https://downloads.asterisk.org/pub/security/AST-2018-010.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-19278
Same Patch Batch · n/a · 2018-11-14 · 17 CVEs total
| CVE-2018-8549 | Microsoft Windows 安全漏洞 | |
| CVE-2018-8550 | Microsoft Windows COM Aggregate Marshaler 权限许可和访问控制问题漏洞 | |
| CVE-2018-8605 | Microsoft Dynamics 365 跨站脚本漏洞 | |
| CVE-2018-19186 | Amazon PAYFORT payfort-php-SDK payment gateway SDK 跨站脚本漏洞 | |
| CVE-2018-19187 | Amazon PAYFORT payfort-php-SDK payment gateway SDK 跨站脚本漏洞 | |
| CVE-2018-19188 | Amazon PAYFORT payfort-php-SDK payment gateway SDK 跨站脚本漏洞 | |
| CVE-2018-19189 | Amazon PAYFORT payfort-php-SDK payment gateway SDK 跨站脚本漏洞 | |
| CVE-2018-19190 | Amazon PAYFORT payfort-php-SDK payment gateway SDK 跨站脚本漏洞 | |
| CVE-2018-19271 | Centreon SQL注入漏洞 | |
| CVE-2018-19277 | PHPOffice PhpSpreadsheet 跨站脚本漏洞 | |
| CVE-2018-6072 | Google Chrome PDFium 数字错误漏洞 | |
| CVE-2018-6082 | Google Chrome 安全漏洞 | |
| CVE-2018-17960 | CKEditor 跨站脚本漏洞 | |
| CVE-2018-19279 | PRIMX ZoneCentral for Windows 安全漏洞 | |
| CVE-2018-19280 | Centreon 跨站脚本漏洞 | |
| CVE-2018-19281 | Centreon SQL注入漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2018-19278
No comments yet