FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Buffer overflow in CDR's set user

Affected packages
asterisk13 < 13.14.1

Details

VuXML ID: 356b02e9-1954-11e7-9608-001999f8d30b
Discovery: 2017-03-27
Entry: 2017-04-04

The Asterisk project reports:

No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.

References

URL: http://downloads.asterisk.org/pub/security/AST-2017-001.html
URL: https://issues.asterisk.org/jira/browse/ASTERISK-26897