FreeBSD : asterisk -- Buffer overflow in CDR's set user (ab04cb0b-c533-11e7-8da5-001999f8d30b)
Medium Nessus Plugin ID 104490
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe Asterisk project reports :
No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. The earlier AST-2017-001 advisory for the CDR user field overflow was for the Party A buffer.
SolutionUpdate the affected package.