What is the severity of CVE-2018-19278?

The severity of CVE-2018-19278 is high with a severity value of 7.5.

Which versions of Digium Asterisk are affected by CVE-2018-19278?

Digium Asterisk versions 15.x before 15.6.2 and 16.x before 16.0.1 are affected by CVE-2018-19278.

How can remote attackers exploit CVE-2018-19278?

Remote attackers can exploit CVE-2018-19278 by sending a specially crafted DNS SRV or NAPTR response.

What can the exploitation of CVE-2018-19278 lead to?

The exploitation of CVE-2018-19278 can crash the Asterisk server.

Where can I find more information about CVE-2018-19278?

More information about CVE-2018-19278 can be found at the following references: [Link 1](https://downloads.asterisk.org/pub/security/AST-2018-010.html), [Link 2](https://issues.asterisk.org/jira/browse/ASTERISK-28127).

Vulnerability/
CVE-2018-19278

high

7.5

CWE

119

14/11/2018

16/9/2024

CVE-2018-19278: Buffer Overflow

First published: Wed Nov 14 2018(Updated: )

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Asterisk	=15.0.0
Asterisk	=15.0.0-b1
Asterisk	=15.0.0-rc1
Asterisk	=15.1.0
Asterisk	=15.1.0-rc1
Asterisk	=15.1.0-rc2
Asterisk	=15.1.2
Asterisk	=15.1.3
Asterisk	=15.1.4
Asterisk	=15.1.5
Asterisk	=15.2.0-rc1
Asterisk	=15.2.0-rc2
Asterisk	=15.2.1
Asterisk	=15.2.2
Asterisk	=15.3.0
Asterisk	=15.3.0-rc1
Asterisk	=15.3.0-rc2
Asterisk	=15.4.0
Asterisk	=15.4.0-rc1
Asterisk	=15.4.0-rc2
Asterisk	=15.4.1
Asterisk	=15.5.0
Asterisk	=15.5.0-rc1
Asterisk	=15.6.0
Asterisk	=15.6.0-rc1
Asterisk	=15.6.1
Asterisk	=16.0.0
Asterisk	=16.0.0-rc2
Asterisk	=16.0.0-rc3
Asterisk	=16.0.1-rc1

Remedy

https://downloads.asterisk.org/pub/security/AST-2018-010.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-19278?
The severity of CVE-2018-19278 is high with a severity value of 7.5.
Which versions of Digium Asterisk are affected by CVE-2018-19278?
Digium Asterisk versions 15.x before 15.6.2 and 16.x before 16.0.1 are affected by CVE-2018-19278.
How can remote attackers exploit CVE-2018-19278?
Remote attackers can exploit CVE-2018-19278 by sending a specially crafted DNS SRV or NAPTR response.
What can the exploitation of CVE-2018-19278 lead to?
The exploitation of CVE-2018-19278 can crash the Asterisk server.
Where can I find more information about CVE-2018-19278?
More information about CVE-2018-19278 can be found at the following references: [Link 1](https://downloads.asterisk.org/pub/security/AST-2018-010.html), [Link 2](https://issues.asterisk.org/jira/browse/ASTERISK-28127).

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/remedy
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/softwarecombine
agent/tags
vendor/digium
canonical/asterisk
version/asterisk/15.0.0
version/asterisk/15.0.0-b1
version/asterisk/15.0.0-rc1
version/asterisk/15.1.0
version/asterisk/15.1.0-rc1
version/asterisk/15.1.0-rc2
version/asterisk/15.1.2
version/asterisk/15.1.3
version/asterisk/15.1.4
version/asterisk/15.1.5
version/asterisk/15.2.0-rc1
version/asterisk/15.2.0-rc2
version/asterisk/15.2.1
version/asterisk/15.2.2
version/asterisk/15.3.0
version/asterisk/15.3.0-rc1
version/asterisk/15.3.0-rc2
version/asterisk/15.4.0
version/asterisk/15.4.0-rc1
version/asterisk/15.4.0-rc2
version/asterisk/15.4.1
version/asterisk/15.5.0
version/asterisk/15.5.0-rc1
version/asterisk/15.6.0
version/asterisk/15.6.0-rc1
version/asterisk/15.6.1
version/asterisk/16.0.0
version/asterisk/16.0.0-rc2
version/asterisk/16.0.0-rc3
version/asterisk/16.0.1-rc1