{"id":"CVE-2018-17281","details":"There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.","modified":"2026-05-18T05:51:33.828225784Z","published":"2018-09-24T22:29:01.580Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"}],"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105389"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041694"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201811-11"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4320"},{"type":"REPORT","url":"https://issues.asterisk.org/jira/browse/ASTERISK-28013"},{"type":"FIX","url":"http://downloads.asterisk.org/pub/security/AST-2018-009.html"},{"type":"FIX","url":"http://seclists.org/fulldisclosure/2018/Sep/31"},{"type":"FIX","url":"https://seclists.org/bugtraq/2018/Sep/53"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/asterisk/asterisk","events":[{"introduced":"85335355efb2d7914a1fe20ed31afcef15fd210c"},{"last_affected":"8ac08a916c7fcc1ceecf3d682a1877c46deab626"},{"introduced":"c6d6dd133c3db3b202f1f0d457780c9a6d841e0f"},{"last_affected":"fdaecead781e4216a68c672ad0864ca895a47141"},{"introduced":"d4cc63728def7ca06ad3f70547de87bc5c9ef7c0"},{"last_affected":"8b6edb7502ee79f73ce3d8396e8f06ce00f8f042"},{"introduced":"0"},{"last_affected":"bf004c4584649d080979c4f877a6e9d3e793467c"},{"last_affected":"e3b1f2dfd87b098b22829ddba204a3d19c38306a"},{"last_affected":"2db4f6c01283e7491c3ee3b7507e59e5367df0ea"},{"last_affected":"5a25b825276c8df42d7d10579957f26d3c777fbf"},{"last_affected":"2eb8714f7c74342bb5bef4f54570f289cc43cc8b"},{"last_affected":"76ee915193c568d4fdfd6a30df2793f4711d2b6d"},{"last_affected":"13e940b985e514957ba16db34aeba17a67641cde"},{"last_affected":"9931aa6c6ff8554881f52d83108e9ffada85e184"},{"last_affected":"d50b5d4f4c312db9258fd5c76ab21591690e2c2e"},{"last_affected":"7b599be0d69ab2054e7ae3f69108137304d2beb3"},{"last_affected":"1bd1bd1178af16e6c04b39090a35ee03c37cc252"},{"last_affected":"2f9e79aa6fefcfac5caafb1db8e5237122860a6e"},{"last_affected":"7ce04c1641d67df68eac94c5bf5f8aff8fd44d43"},{"last_affected":"45e0392397605b8c8d0d975c63e21dd7b2c951de"},{"last_affected":"ac0f73694b59317f776ea2f4b8f777327def154e"},{"last_affected":"ad7e072a6d32dc0468fa08daa86bf302a7c057ab"},{"last_affected":"f0955f190a42e5c1ca20080d9e34d19c3c1b8646"},{"last_affected":"7d9a0a89df7e81b6bc821e92ebdda56e7f865a4b"},{"last_affected":"c1b521ad109122b09202e0cbf4018495bed6243b"},{"last_affected":"7e17de3d6634bcfcafe3e688807665e404580475"},{"last_affected":"f3969e49d194467a3cf5316c6ab6d5d9db2eba41"},{"last_affected":"c37d4abe63e0a37d659da04e3726ba687d4ef9f2"},{"last_affected":"1ee2ce8c703dd763d1779a877099640bb5cd46d0"},{"last_affected":"b8d1c8787e1cb329d294508a7d3f5d13da76216c"},{"last_affected":"3a76c2b0a9a51a0b80eaa8fea25ce728eb7db031"},{"last_affected":"9e5d6d7eb22a7e6af65406584c21d0b702dd92c3"},{"last_affected":"d661052e6d2eddae58bec5a04229c105d11e18f4"},{"last_affected":"742007f881f8cb04fe543fba4dbe5404589d9f14"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"13.0.0"},{"last_affected":"13.23.0"},{"introduced":"14.0.0"},{"last_affected":"14.7.7"},{"introduced":"15.0.0"},{"last_affected":"15.6.0"},{"introduced":"0"},{"last_affected":"11.6-cert12"},{"last_affected":"11.6-cert13"},{"last_affected":"11.6-cert14"},{"last_affected":"11.6-cert15"},{"last_affected":"11.6-cert16"},{"last_affected":"11.6-cert17"},{"last_affected":"11.6-cert18"},{"last_affected":"13.1-cert3"},{"last_affected":"13.1-cert4"},{"last_affected":"13.1-cert5"},{"last_affected":"13.1-cert6"},{"last_affected":"13.1-cert7"},{"last_affected":"13.1-cert8"},{"last_affected":"13.8-cert1"},{"last_affected":"13.8-cert2"},{"last_affected":"13.8-cert3"},{"last_affected":"13.8-cert4"},{"last_affected":"13.13-cert1"},{"last_affected":"13.13-cert2"},{"last_affected":"13.13-cert3"},{"last_affected":"13.13-cert4"},{"last_affected":"13.13-cert5"},{"last_affected":"13.13-cert6"},{"last_affected":"13.13-cert7"},{"last_affected":"13.13-cert8"},{"last_affected":"13.13-cert9"},{"last_affected":"13.21-cert1"},{"last_affected":"13.21-cert2"}],"cpe":["cpe:2.3:a:digium:asterisk:*:*:*:*:lts:*:*:*","cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","cpe:2.3:a:digium:asterisk:*:*:*:*:standard:*:*:*","cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:11.6:cert17:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:11.6:cert18:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.1:cert3:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.1:cert4:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.1:cert5:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.1:cert6:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.1:cert7:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.1:cert8:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.8:cert2:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.8:cert3:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.8:cert4:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.13:cert9:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:lts:*:*:*","cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:lts:*:*:*"]}}],"versions":["15.6.0-rc1","13.23.0-rc1","15.6.0","13.23.0","14.7.7","certified/13.21-cert2","14.7.6","certified/13.21-cert1","13.21.0-rc1","14.7.5","14.7.4","certified/13.13-cert9","14.7.3","certified/13.13-cert8","14.7.2","certified/13.13-cert7","14.7.1","certified/13.13-cert6","14.7.0","14.7.0-rc2","14.7.0-rc1","certified/11.6-cert18","certified/11.6-cert17","certified/13.13-cert5","certified/11.6-cert16","certified/13.13-cert4","certified/13.13-cert3","certified/13.13-cert2","certified/13.13-cert1","certified/13.13-cert1-rc4","certified/13.13-cert1-rc3","certified/13.8-cert4","certified/13.13-cert1-rc2","certified/11.6-cert15","13.13.0","certified/13.13-cert1-rc1","13.13.0-rc2","13.13.0-rc1","certified/13.8-cert3","certified/11.6-cert14","certified/11.6-cert14-rc2","certified/11.6-cert14-rc1","certified/13.1-cert8","certified/13.8-cert2","certified/13.8-cert2-rc1","certified/13.8-cert1","certified/13.8-cert1-rc3","certified/11.6-cert13","certified/13.8-cert1-rc2","certified/13.1-cert7","certified/13.1-cert6","certified/13.1-cert5","13.8.0","certified/13.8-cert1-rc1","13.8.0-rc1","certified/13.1-cert4","certified/11.6-cert12","certified/13.1-cert3","13.1.0","13.1.0-rc2","13.1.0-rc1","11.6.0","11.6.0-rc2","11.6.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17281.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}