Denial of Service and Arbitrary Code Execution via HTTP Request with Large Number of Cookie Headers in Asterisk Open Source and Certified Asterisk

CVE-2014-2286 · HIGH Severity

AV:N/AC:L/Au:N/C:P/I:P/A:P

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
