CVE-2014-9374
EPSS 45.8%
Description
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
How to fix CVE-2014-9374
To remediate CVE-2014-9374, upgrade the affected package to a fixed version below.
- Debian/asterisk—upgrade to 1:13.1.0~dfsg-1 or later
Is CVE-2014-9374 being exploited?
Moderate — EPSS is 45.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1:13.1.0~dfsg-1