CVE-2014-2286

描述

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

如何修補 CVE-2014-2286

要修補 CVE-2014-2286,請將受影響套件升級到下列已修補版本。

• Debian/asterisk—升級至 1:11.8.1~dfsg-1 或更新版本
• Debian/asterisk—升級至 1:1.8.13.1~dfsg1-3+deb7u4 或更新版本

CVE-2014-2286 正在被利用嗎?

中等 — EPSS 為 14.8%,可持續追蹤但非最高優先。

受影響套件(2)

• from 0, < 1:11.8.1~dfsg-1
• from 0, < 1:1.8.13.1~dfsg1-3+deb7u4

參考連結(1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-2286