FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Buffer overflow in CDR's set user

Affected packages
aasterisk13 < 13.18.1

Details

VuXML ID ab04cb0b-c533-11e7-8da5-001999f8d30b
Discovery 2017-10-09
Entry 2017-11-09

The Asterisk project reports:

No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. The earlier AST-2017-001 advisory for the CDR user field overflow was for the Party A buffer.

References

URL https://downloads.asterisk.org/pub/security/AST-2017-010.html