FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Buffer overflow in CDR's set user

Affected packages
asterisk13 < 13.14.1


VuXML ID 356b02e9-1954-11e7-9608-001999f8d30b
Discovery 2017-03-27
Entry 2017-04-04

The Asterisk project reports:

No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.