Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person.

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read-locked object which is freed by another thread.