CVE-2018-7284

HIGH

Asterisk Buffer Overflow via SUBSCRIBE Request Accept Headers

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-7284. PoCs published by EnableSecurity, Rodrigo-D.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in Asterisk's PJSIP channel driver by sending a malformed SUBSCRIBE message with multiple large 'Accept' headers, leading to stack corruption and potential remote code execution.

Description

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

Exploits (2)

exploitdb WORKING POC VERIFIED
by EnableSecurity · pythondoslinux
https://www.exploit-db.com/exploits/44184

This exploit demonstrates a stack-based buffer overflow in Asterisk's PJSIP channel driver by sending a malformed SUBSCRIBE message with multiple large 'Accept' headers, leading to stack corruption and potential remote code execution.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Asterisk (15.2.0, 13.19.0, 14.7.5, 13.11.2) with chan_pjsip
Auth required
Prerequisites: Network access to Asterisk SIP interface · Valid SIP credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Rodrigo-D · poc
https://github.com/Rodrigo-D/astDoS

This repository contains a proof-of-concept exploit for CVE-2018-7284, a buffer overflow vulnerability in Asterisk. The exploit involves sending maliciously crafted SIP SUBSCRIBE messages with oversized Accept headers to trigger a denial-of-service (DoS) condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Asterisk (versions affected by CVE-2018-7284)
Auth required
Prerequisites: Network access to the Asterisk server · Valid SIP credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Patch, Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2018-004.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44184/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4320
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103151
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040416

Scores

CVSS v3 7.5
EPSS 0.5895
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-119
Status published
Products (4)
debian/debian_linux 9.0
digium/asterisk < 13.19.1
digium/certified_asterisk 13.18 cert1 (2 CPE variants)
digium/certified_asterisk < 13.18
Published Feb 22, 2018
Tracked Since Feb 18, 2026