{"id":"CVE-2018-19278","details":"Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.","modified":"2026-04-10T04:07:31.996692Z","published":"2018-11-14T20:29:00.587Z","references":[{"type":"FIX","url":"https://downloads.asterisk.org/pub/security/AST-2018-010.html"},{"type":"EVIDENCE","url":"https://issues.asterisk.org/jira/browse/ASTERISK-28127"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/asterisk/asterisk","events":[{"introduced":"0"},{"last_affected":"d4cc63728def7ca06ad3f70547de87bc5c9ef7c0"},{"introduced":"0"},{"last_affected":"479db70a28adb96d8d0466a654a5fcaa0f4e7df5"},{"introduced":"0"},{"last_affected":"fbaca8d545df7304fcd1373179f7e00502d8f521"},{"introduced":"0"},{"last_affected":"620d45dbf27746fadb1307e60122e04d4f9eec09"},{"introduced":"0"},{"last_affected":"75a97ab9cd6059408973b74ae4977f24b1f63306"},{"introduced":"0"},{"last_affected":"fecd5b4d912c3a682279bd888341e0f038a40e4e"},{"introduced":"0"},{"last_affected":"fe805c75fc3232c8e3d9c5fcba4dff6c5c9a1b8c"},{"introduced":"0"},{"last_affected":"037105ead04401d138e966e1bc3c5b740f554d1a"},{"introduced":"0"},{"last_affected":"1e30451dcc9eb76174faa1bf19ec285b3c22c363"},{"introduced":"0"},{"last_affected":"92e00857bc8a37fe4453a5dec6b4a37a146f44e3"},{"introduced":"0"},{"last_affected":"31dc5ba70cda984710f148df8f293544b4908228"},{"introduced":"0"},{"last_affected":"6a815cb3db06986dba8cda0f9f3d0d65629a1443"},{"introduced":"0"},{"last_affected":"6bdbc136862791eb670fa59f6cf7ca33be9a5732"},{"introduced":"0"},{"last_affected":"07a25cac91b5c607e342b7b306590f5621833c69"},{"introduced":"0"},{"last_affected":"0182eb3c2ba83a3c1b94aa32e2fc8dabda550ae5"},{"introduced":"0"},{"last_affected":"44d74d40c1748e2d62a3f9e6b1b1cc356084387d"},{"introduced":"0"},{"last_affected":"e364f11b5b1a55e9ca3f7cc0b55308688c4d8aa5"},{"introduced":"0"},{"last_affected":"60f5d0e5c55629e078e56de3dc5222a8aafe062e"},{"introduced":"0"},{"last_affected":"5b266f817ab80a7877902785bca1539d5e723084"},{"introduced":"0"},{"last_affected":"97b17a97812a5b3f30dba94cc7b3b3a2e81473e5"},{"introduced":"0"},{"last_affected":"023a3cfa0b25fdad6212798139dc8ca48318adc8"},{"introduced":"0"},{"last_affected":"db24efd0e4f3a4d3b100859d4c2b37aca20806f3"},{"introduced":"0"},{"last_affected":"8b6edb7502ee79f73ce3d8396e8f06ce00f8f042"},{"introduced":"0"},{"last_affected":"4465ac3623884429a1d1807869efa51ad95ae9ea"},{"introduced":"0"},{"last_affected":"e670822770741abbabb478d5f959a792f71b3a46"},{"introduced":"0"},{"last_affected":"a65908f83e2f17a3aca7eb39c8e06045aca02674"},{"introduced":"0"},{"last_affected":"f2e0808760e243ab739a68a38886038e66e2ed16"},{"introduced":"0"},{"last_affected":"e9e55148df22ad448e5321aad4e919b1ceec6862"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"15.0.0"},{"introduced":"0"},{"last_affected":"15.0.0-rc1"},{"introduced":"0"},{"last_affected":"15.1.0"},{"introduced":"0"},{"last_affected":"15.1.0-rc1"},{"introduced":"0"},{"last_affected":"15.1.0-rc2"},{"introduced":"0"},{"last_affected":"15.1.2"},{"introduced":"0"},{"last_affected":"15.1.3"},{"introduced":"0"},{"last_affected":"15.1.4"},{"introduced":"0"},{"last_affected":"15.1.5"},{"introduced":"0"},{"last_affected":"15.2.0-rc1"},{"introduced":"0"},{"last_affected":"15.2.0-rc2"},{"introduced":"0"},{"last_affected":"15.2.1"},{"introduced":"0"},{"last_affected":"15.2.2"},{"introduced":"0"},{"last_affected":"15.3.0"},{"introduced":"0"},{"last_affected":"15.3.0-rc1"},{"introduced":"0"},{"last_affected":"15.3.0-rc2"},{"introduced":"0"},{"last_affected":"15.4.0"},{"introduced":"0"},{"last_affected":"15.4.0-rc1"},{"introduced":"0"},{"last_affected":"15.4.0-rc2"},{"introduced":"0"},{"last_affected":"15.4.1"},{"introduced":"0"},{"last_affected":"15.5.0"},{"introduced":"0"},{"last_affected":"15.5.0-rc1"},{"introduced":"0"},{"last_affected":"15.6.0"},{"introduced":"0"},{"last_affected":"15.6.0-rc1"},{"introduced":"0"},{"last_affected":"15.6.1"},{"introduced":"0"},{"last_affected":"16.0.0"},{"introduced":"0"},{"last_affected":"16.0.0-rc2"},{"introduced":"0"},{"last_affected":"16.0.0-rc3"}]}}],"versions":["15.0.0","15.0.0-beta1","15.0.0-rc1","15.1.0","15.1.0-rc1","15.1.0-rc2","15.1.1","15.1.2","15.1.3","15.1.4","15.1.5","15.2.0","15.2.0-rc1","15.2.0-rc2","15.2.1","15.2.2","15.3.0","15.3.0-rc1","15.3.0-rc2","15.4.0","15.4.0-rc1","15.4.0-rc2","15.4.1","15.5.0","15.5.0-rc1","15.6.0","15.6.0-rc1","15.6.1","16.0.0","16.0.0-rc2","16.0.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19278.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.0.0-b1"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.1-rc1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}