FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Buffer overflow in CDR's set user

Affected packages
asterisk13 < 13.18.1

Details

VuXML ID ab04cb0b-c533-11e7-8da5-001999f8d30b
Discovery 2017-10-09
Entry 2017-11-09
Modified 2017-12-13

The Asterisk project reports:

No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. The earlier AST-2017-001 advisory for the CDR user field overflow was for the Party A buffer.

References

CVE Name CVE-2017-16671
URL https://downloads.asterisk.org/pub/security/AST-2017-010.html