CVE-2014-4047 Affecting asterisk package, versions <1:11.10.2~dfsg-1


Severity

Recommended
low

Based on Debian security rating.

Threat Intelligence

EPSS
0.76% (82nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN10-ASTERISK-428597
  • published17 Jun 2014
  • disclosed17 Jun 2014

Introduced: 17 Jun 2014

CVE-2014-4047  (opens in a new tab)

How to fix?

Upgrade Debian:10 asterisk to version 1:11.10.2~dfsg-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream asterisk package and not the asterisk package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.

CVSS Scores

version 3.1