Infinite Loop Vulnerability in Asterisk Open Source TCP/TLS Connections
CVE-2018-12228
6.5MEDIUM
What is CVE-2018-12228?
A vulnerability in Asterisk Open Source 15.x prior to version 15.4.1 allows an attacker connected via TCP/TLS to disrupt the service. When a client abruptly disconnects or sends a specially crafted message, Asterisk encounters an infinite loop while attempting to read from the data stream, resulting in system unresponsiveness and denial of service. This vulnerability poses significant risks, particularly in environments where reliable communication is critical.