Showing 1 - 3 of 3

Files from Sauw Ming

First Active	2022-03-07
Last Active	2022-03-07

Asterisk Project Security Advisory - AST-2022-006: Posted Mar 7, 2022; Authored by Kevin Harwell, Sauw Ming | Site asterisk.org; If an incoming SIP message contains a malformed multi-part body an out-of-bounds read access may occur, which can result in undefined behavior. Note, it is currently uncertain if there is any externally exploitable vector within Asterisk for this issue, but they are providing this as a security issue out of caution.; tags | advisory; advisories | CVE-2022-21723; SHA-256 | 97b8999a7c776bc25667d248af8128d9089bb735a74f21b5e8602a90fb5d57dc; Download | Favorite | View

Asterisk Project Security Advisory - AST-2022-005: Posted Mar 7, 2022; Authored by Kevin Harwell, Sauw Ming | Site asterisk.org; When acting as a UAC, and when placing an outgoing call to a target that then forks, Asterisk may experience undefined behavior after a dialog set is prematurely freed.; tags | advisory; advisories | CVE-2022-23608; SHA-256 | caf0098653c4aa078aff32dd6a697ddb405273dec27531e5365356d26193b7fe; Download | Favorite | View

Asterisk Project Security Advisory - AST-2022-004: Posted Mar 7, 2022; Authored by Kevin Harwell, Sauw Ming | Site asterisk.org; The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party.; tags | advisory, remote; advisories | CVE-2021-37706; SHA-256 | b4d958ee6e32f6f622c4ae3b0cd99a1c00dcde4578e8d8eca299633634cfec4c; Download | Favorite | View