Unrated severityNVD Advisory· Published Dec 12, 2014· Updated May 6, 2026
CVE-2014-9374
CVE-2014-9374
Description
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
Affected products
80cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*+ 70 more
- cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*+ 8 more
- cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- downloads.asterisk.org/pub/security/AST-2014-019.htmlnvdPatchVendor Advisory
- advisories.mageia.org/MGASA-2015-0010.htmlnvd
- packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.htmlnvd
- seclists.org/fulldisclosure/2014/Dec/48nvd
- secunia.com/advisories/60251nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/archive/1/534197/100/0/threadednvd
- www.securityfocus.com/bid/71607nvd
- www.securitytracker.com/id/1031345nvd
News mentions
0No linked articles in our index yet.