AST-2012-011: Remote Crash Vulnerability In Voice Mail Application
If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.
Management of the memory in question has been reworked so that double frees and out of bounds array access do not occur. Upgrade to the latest release.
- Product Release Series
- Asterisk Open Source 1.8.x 1.8.11 and newer
- Asterisk Open Source 10.x 10.3 and newer
- Certified Asterisk 1.8.11-certx All versions
- Asterisk Digiumphones 10.x.x-digiumphones All versions
- Product Release
- Asterisk Open Source 22.214.171.124, 10.5.2
- Certified Asterisk 1.8.11-cert4
- Asterisk Digiumphones 10.5.2-digiumphones