Vulnerabilities related to asterisk - asterisk
CVE-2025-49832 (GCVE-0-2025-49832)
Vulnerability from cvelistv5
Published
2025-08-01 17:57
Modified
2025-08-01 18:29
CWE
- CWE-476 - NULL Pointer Dereference
Summary
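Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken/verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1. Note: the structured version data in this record marks 20.7-cert6 as affected (range `>= 20.7-cert6, < 20.7-cert7`) and gives the 21.x range as `>= 21.00.0, < 21.10.1`, so this summary's version list is inconsistent with it; confirm the fixed certified release against the referenced advisory GHSA-mrq5-74j5-f5cr before treating 20.7-cert6 as patched.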
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-49832", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-08-01T18:28:56.826749Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-01T18:29:18.330Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "\u003c 18.26.3" }, { "status": "affected", "version": "\u003e= 20.00.0, \u003c 20.15.1" }, { "status": "affected", "version": "\u003e= 21.00.0, \u003c 21.10.1" }, { "status": "affected", "version": "\u003e= 22.00.0, \u003c 22.5.1" }, { "status": "affected", "version": "\u003e= 20.7-cert6, \u003c 20.7-cert7" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-01T17:57:29.933Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr" } ], "source": { "advisory": "GHSA-mrq5-74j5-f5cr", "discovery": "UNKNOWN" }, "title": "Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-49832", "datePublished": "2025-08-01T17:57:29.933Z", "dateReserved": "2025-06-11T14:33:57.799Z", "dateUpdated": "2025-08-01T18:29:18.330Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35190 (GCVE-0-2024-35190)
Vulnerability from cvelistv5
Published
2024-05-17 16:55
Modified
2024-08-02 03:07
CWE
Summary
Asterisk is an open source private branch exchange and telephony toolkit. After upgrading to 18.23.0, ALL unauthorized SIP requests are identified as a PJSIP endpoint of the local Asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. (The record's structured data lists 18.23.0, 20.8.0 and 21.3.0 as the affected releases.)
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:asterisk:asterisk:21.3.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "21.3.0" } ] }, { "cpes": [ "cpe:2.3:a:asterisk:asterisk:20.8.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "20.8.0" } ] }, { "cpes": [ "cpe:2.3:a:asterisk:asterisk:18.23.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "18.23.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-35190", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-17T19:33:53.154042Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T15:28:38.260Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:07:46.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9" }, { "name": "https://github.com/asterisk/asterisk/pull/600", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/pull/600" }, { "name": "https://github.com/asterisk/asterisk/pull/602", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/pull/602" }, { "name": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "= 21.3.0" }, { "status": "affected", "version": "= 20.8.0" }, { "status": "affected", "version": "= 18.23.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-303", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-480", "description": "CWE-480: Use of Incorrect Operator", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-670", "description": "CWE-670: Always-Incorrect Control Flow Implementation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-17T16:55:41.346Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9" }, { "name": "https://github.com/asterisk/asterisk/pull/600", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/asterisk/asterisk/pull/600" }, { "name": "https://github.com/asterisk/asterisk/pull/602", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/pull/602" }, { "name": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d" } ], "source": { "advisory": "GHSA-qqxj-v78h-hrf9", "discovery": "UNKNOWN" }, "title": "Asterisk\u0027 res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-35190", "datePublished": "2024-05-17T16:55:41.346Z", "dateReserved": "2024-05-10T14:24:24.341Z", "dateUpdated": "2024-08-02T03:07:46.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47779 (GCVE-0-2025-47779)
Vulnerability from cvelistv5
Published
2025-05-22 16:54
Modified
2025-05-22 17:26
CWE
Summary
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages that are spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47779", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-22T17:25:58.891881Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-22T17:26:57.260Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "\u003c 18.9-cert14" }, { "status": "affected", "version": "\u003e= 18.10, \u003c 18.26.2" }, { "status": "affected", "version": "\u003e= 20.0, \u003c 20.7-cert5" }, { "status": "affected", "version": "\u003e= 20.8, \u003c 20.14.1" }, { "status": "affected", "version": "\u003e= 21.0, \u003c 21.9.1" }, { "status": "affected", "version": "\u003e= 22.0, \u003c 22.4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-140", "description": "CWE-140: Improper Neutralization of Delimiters", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-792", "description": "CWE-792: Incomplete Filtering of One or More Instances of Special Elements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-22T16:54:26.314Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw" }, { "name": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample" } ], "source": { "advisory": "GHSA-2grh-7mhv-fcfw", "discovery": "UNKNOWN" }, "title": "Using malformed From header can forge identity with \";\" or NULL in name portion" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-47779", "datePublished": "2025-05-22T16:54:26.314Z", "dateReserved": "2025-05-09T19:49:35.620Z", "dateUpdated": "2025-05-22T17:26:57.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1595 (GCVE-0-2007-1595)
Vulnerability from cvelistv5
Published
2007-03-22 23:00
Modified
2024-08-07 12:59
CWE
- n/a
Summary
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:59:08.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23155", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23155" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.digium.com/view/asterisk?rev=59073\u0026view=rev" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.digium.com/view.php?id=9316" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25582" }, { "name": "24694", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24694" }, { "name": "ADV-2007-1123", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1123" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-04-12T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23155", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23155" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.digium.com/view/asterisk?rev=59073\u0026view=rev" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.digium.com/view.php?id=9316" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25582" }, { "name": "24694", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24694" }, { "name": "ADV-2007-1123", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1123" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1595", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23155", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23155" }, { "name": "http://svn.digium.com/view/asterisk?rev=59073\u0026view=rev", "refsource": "CONFIRM", "url": "http://svn.digium.com/view/asterisk?rev=59073\u0026view=rev" }, { "name": "SUSE-SA:2007:034", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "http://bugs.digium.com/view.php?id=9316", "refsource": "MISC", "url": "http://bugs.digium.com/view.php?id=9316" }, { "name": "25582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25582" }, { "name": "24694", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24694" }, { "name": "ADV-2007-1123", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1123" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1595", "datePublished": "2007-03-22T23:00:00", "dateReserved": "2007-03-22T00:00:00", "dateUpdated": "2024-08-07T12:59:08.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-0441 (GCVE-0-2010-0441)
Vulnerability from cvelistv5
Published
2010-02-04 18:00
Modified
2024-08-07 00:52
CWE
- n/a
Summary
Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:52:18.727Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.asterisk.org/view.php?id=16517" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.asterisk.org/view.php?id=16634" }, { "name": "ADV-2010-0289", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0289" }, { "name": "38047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38047" }, { "name": "39096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39096" }, { "name": "FEDORA-2010-3724", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.asterisk.org/view.php?id=16724" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff" }, { "name": "20100202 AST-2010-001: T.38 Remote Crash Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/509327/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff" }, { "name": "38395", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38395" }, { "name": "1023532", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": 
"http://securitytracker.com/id?1023532" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.asterisk.org/view.php?id=16517" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.asterisk.org/view.php?id=16634" }, { "name": "ADV-2010-0289", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0289" }, { "name": "38047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38047" }, { "name": "39096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39096" }, { "name": "FEDORA-2010-3724", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.asterisk.org/view.php?id=16724" }, { 
"tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff" }, { "name": "20100202 AST-2010-001: T.38 Remote Crash Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/509327/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff" }, { "name": "38395", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38395" }, { "name": "1023532", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023532" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0441", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff" }, { "name": "https://issues.asterisk.org/view.php?id=16517", "refsource": "CONFIRM", "url": "https://issues.asterisk.org/view.php?id=16517" }, { "name": "https://issues.asterisk.org/view.php?id=16634", "refsource": "CONFIRM", "url": "https://issues.asterisk.org/view.php?id=16634" }, { "name": "ADV-2010-0289", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0289" }, { "name": "38047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38047" }, { "name": "39096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39096" }, { "name": "FEDORA-2010-3724", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" }, { "name": "https://issues.asterisk.org/view.php?id=16724", "refsource": "CONFIRM", "url": "https://issues.asterisk.org/view.php?id=16724" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff" }, { "name": "20100202 AST-2010-001: T.38 Remote Crash Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509327/100/0/threaded" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff" }, { "name": "38395", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38395" }, { "name": "1023532", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023532" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2010-001.html", "refsource": 
"CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2010-001.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0441", "datePublished": "2010-02-04T18:00:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2024-08-07T00:52:18.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1594 (GCVE-0-2007-1594)
Vulnerability from cvelistv5
Published
2007-03-22 23:00
Modified
2024-08-07 12:59
CWE
- n/a
Summary
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:59:08.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907\u0026r2=59038" }, { "name": "23093", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23093" }, { "name": "ADV-2007-1077", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1077" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.digium.com/view.php?id=9313" }, { "name": "1017809", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017809" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.asterisk.org/node/48338" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "20070321 Two new DoS Vulnerabilities in Asterisk Fixed", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "name": "24579", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24579" }, { "name": "GLSA-200704-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25582" }, { "name": "24719", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24719" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www.sineapps.com/news.php?rssid=1707" }, { "name": "[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907\u0026r2=59038" }, { "name": "23093", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23093" }, { "name": "ADV-2007-1077", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1077" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.digium.com/view.php?id=9313" }, { "name": "1017809", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017809" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.asterisk.org/node/48338" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "20070321 Two new DoS Vulnerabilities in Asterisk Fixed", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "name": 
"24579", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24579" }, { "name": "GLSA-200704-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25582" }, { "name": "24719", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24719" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.sineapps.com/news.php?rssid=1707" }, { "name": "[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907\u0026r2=59038", "refsource": "MISC", "url": "http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907\u0026r2=59038" }, { "name": "23093", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23093" }, { "name": "ADV-2007-1077", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1077" }, { "name": "http://bugs.digium.com/view.php?id=9313", "refsource": "MISC", "url": "http://bugs.digium.com/view.php?id=9313" }, { "name": "1017809", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017809" }, { "name": "http://www.asterisk.org/node/48338", "refsource": "CONFIRM", "url": "http://www.asterisk.org/node/48338" }, { "name": "SUSE-SA:2007:034", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "20070321 Two new DoS Vulnerabilities in Asterisk Fixed", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "name": "24579", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24579" }, { "name": "GLSA-200704-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "name": "25582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25582" }, { "name": "24719", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24719" }, { "name": "http://www.sineapps.com/news.php?rssid=1707", "refsource": "CONFIRM", "url": "http://www.sineapps.com/news.php?rssid=1707" }, { "name": "[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability", "refsource": "MLIST", "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": 
"mitre", "cveId": "CVE-2007-1594", "datePublished": "2007-03-22T23:00:00", "dateReserved": "2007-03-22T00:00:00", "dateUpdated": "2024-08-07T12:59:08.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2293 (GCVE-0-2007-2293)
Vulnerability from cvelistv5
Published
2007-04-26 20:00
Modified
2024-08-07 13:33
CWE
- n/a
Summary
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:33:28.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23648", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23648" }, { "name": "35368", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/35368" }, { "name": "ADV-2007-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "name": "20070425 ASA-2007-010: Two stack buffer overflows in SIP channel\u0027s T.38 SDP parsing code", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/466883/100/0/threaded" }, { "name": "20070704 Multiple Remote unauthenticated stack overflows in Asterisk chan_sip.c", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/472804/100/0/threaded" }, { "name": "asterisk-processsdp-bo(33895)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33895" }, { "name": "24977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24977" }, { "name": "1018337", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018337" }, { "name": "1017951", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017951" }, { "name": "2645", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2645" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.asterisk.org/files/ASA-2007-010.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { 
"product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23648", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23648" }, { "name": "35368", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/35368" }, { "name": "ADV-2007-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "name": "20070425 ASA-2007-010: Two stack buffer overflows in SIP channel\u0027s T.38 SDP parsing code", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/466883/100/0/threaded" }, { "name": "20070704 Multiple Remote unauthenticated stack overflows in Asterisk chan_sip.c", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/472804/100/0/threaded" }, { "name": "asterisk-processsdp-bo(33895)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33895" }, { "name": "24977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24977" }, { "name": "1018337", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018337" }, { "name": "1017951", "tags": [ "vdb-entry", 
"x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017951" }, { "name": "2645", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2645" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.asterisk.org/files/ASA-2007-010.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23648", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23648" }, { "name": "35368", "refsource": "OSVDB", "url": "http://www.osvdb.org/35368" }, { "name": "ADV-2007-1534", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "name": "20070425 ASA-2007-010: Two stack buffer overflows in SIP channel\u0027s T.38 SDP parsing code", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/466883/100/0/threaded" }, { "name": "20070704 Multiple Remote unauthenticated stack overflows in Asterisk chan_sip.c", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/472804/100/0/threaded" }, { "name": "asterisk-processsdp-bo(33895)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33895" }, { "name": "24977", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24977" }, { "name": "1018337", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018337" }, { "name": "1017951", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017951" }, { "name": "2645", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2645" }, { "name": "http://www.asterisk.org/files/ASA-2007-010.pdf", "refsource": "CONFIRM", "url": "http://www.asterisk.org/files/ASA-2007-010.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2293", "datePublished": "2007-04-26T20:00:00", "dateReserved": "2007-04-26T00:00:00", "dateUpdated": "2024-08-07T13:33:28.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3723 (GCVE-0-2009-3723)
Vulnerability from cvelistv5
Published
2019-10-29 12:42
Modified
2024-08-07 06:38
CWE
- calls allowed on prohibited networks in asterisk
Summary
asterisk allows calls on prohibited networks
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:30.400Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2009-3723" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2009-3723" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "All 1.6.1 versions" } ] } ], "descriptions": [ { "lang": "en", "value": "asterisk allows calls on prohibited networks" } ], "problemTypes": [ { "descriptions": [ { "description": "calls allowed on prohibited networks in asterisk", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-29T12:42:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2009-3723" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2009-3723" }, { "tags": [ "x_refsource_MISC" ], "url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "asterisk", "version": { "version_data": [ { "version_value": "All 1.6.1 versions" } ] } } ] }, "vendor_name": "asterisk" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "asterisk allows calls on prohibited networks" } ] }, "problemtype": { "problemtype_data": 
[ { "description": [ { "lang": "eng", "value": "calls allowed on prohibited networks in asterisk" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2009-3723", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2009-3723" }, { "name": "https://access.redhat.com/security/cve/cve-2009-3723", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2009-3723" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2009-007.html", "refsource": "MISC", "url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3723", "datePublished": "2019-10-29T12:42:08", "dateReserved": "2009-10-16T00:00:00", "dateUpdated": "2024-08-07T06:38:30.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-49294 (GCVE-0-2023-49294)
Vulnerability from cvelistv5
Published
2023-12-14 19:40
Modified
2025-02-13 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk 18.9-cert6, contain a fix for this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:53:45.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f" }, { "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5" }, { "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "\u003c 18.20.1" }, { "status": "affected", "version": "\u003e= 19.0.0, \u003c 20.5.1" }, { "status": "affected", "version": "= 21.0.0" }, { "status": "affected", "version": "\u003c 18.9-cert6" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T00:06:21.896Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f" }, { "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5" }, { "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html" } ], "source": { "advisory": "GHSA-8857-hfmw-vg8f", "discovery": "UNKNOWN" }, "title": "Asterisk Path Traversal vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-49294", "datePublished": "2023-12-14T19:40:46.157Z", "dateReserved": "2023-11-24T16:45:24.314Z", "dateUpdated": "2025-02-13T17:18:40.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3764 (GCVE-0-2007-3764)
Vulnerability from cvelistv5
Published
2007-07-18 17:00
Modified
2024-08-07 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:52.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26099" }, { "name": "24950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24950" }, { "name": "1018407", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018407" }, { "name": "GLSA-200802-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "name": "29051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29051" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "name": "asterisk-skinny-driver-dos(35478)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478" }, { "name": "ADV-2007-2563", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-17T00:00:00", "descriptions": [ { 
"lang": "en", "value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26099" }, { "name": "24950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24950" }, { "name": "1018407", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018407" }, { "name": "GLSA-200802-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "name": "29051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29051" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "name": "asterisk-skinny-driver-dos(35478)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478" }, { "name": "ADV-2007-2563", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3764", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26099", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26099" }, { "name": "24950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24950" }, { "name": "1018407", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018407" }, { "name": "GLSA-200802-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "name": "29051", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29051" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=185713", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "name": "asterisk-skinny-driver-dos(35478)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478" }, { "name": "ADV-2007-2563", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "name": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf", "refsource": "CONFIRM", "url": 
"http://ftp.digium.com/pub/asa/ASA-2007-016.pdf" }, { "name": "DSA-1358", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "SUSE-SR:2007:015", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3764", "datePublished": "2007-07-18T17:00:00", "dateReserved": "2007-07-13T00:00:00", "dateUpdated": "2024-08-07T14:28:52.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-49786 (GCVE-0-2023-49786)
Vulnerability from cvelistv5
Published
2023-12-14 19:47
Modified
2025-02-13 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, and 18.9-cert6.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:01:25.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq" }, { "name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05" }, { "name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Dec/24" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-49786", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T14:19:55.907894Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T14:20:19.222Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "\u003c 18.20.1" }, { "status": 
"affected", "version": "\u003e= 19.0.0, \u003c 20.5.1" }, { "status": "affected", "version": "= 21.0.0" }, { "status": "affected", "version": "\u003c 18.9-cert6" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-703", "description": "CWE-703: Improper Check or Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T00:06:18.647Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq" }, { "name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05" }, { "name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race" }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7" }, { "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html" }, { "url": "http://seclists.org/fulldisclosure/2023/Dec/24" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html" } ], "source": { "advisory": "GHSA-hxj9-xwr8-w8pq", "discovery": "UNKNOWN" }, "title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-49786", "datePublished": "2023-12-14T19:47:46.306Z", "dateReserved": "2023-11-30T13:39:50.862Z", "dateUpdated": "2025-02-13T17:18:55.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-42491 (GCVE-0-2024-42491)
Vulnerability from cvelistv5
Published
2024-09-05 17:17
Modified
2024-09-05 18:52
Summary
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. Per the record title, such a URI can arrive as a malformed Contact or Record-Route URI in an incoming SIP request. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available: disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-42491", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T18:48:24.364960Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T18:52:42.844Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "\u003c 18.24.3" }, { "status": "affected", "version": "\u003e= 19.0.0, \u003c 20.9.3" }, { "status": "affected", "version": "\u003e= 21.0.0, \u003c 21.4.3" }, { "status": "affected", "version": "\u003c 18.9-cert12" }, { "status": "affected", "version": "\u003e= 19.0, \u003c 20.7-cert2" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-252", "description": "CWE-252: Unchecked Return Value", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-05T17:17:56.961Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9" }, { "name": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4" }, { "name": "https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742" }, { "name": "https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2" }, { "name": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8" }, { "name": 
"https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0" } ], "source": { "advisory": "GHSA-v428-g3cw-7hv9", "discovery": "UNKNOWN" }, "title": "A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-42491", "datePublished": "2024-09-05T17:17:56.961Z", "dateReserved": "2024-08-02T14:13:04.619Z", "dateUpdated": "2024-09-05T18:52:42.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2346 (GCVE-0-2009-2346)
Vulnerability from cvelistv5
Published
2009-09-08 18:00
Modified
2024-08-07 05:44
CWE
- n/a
Summary
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:44:55.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1022819", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1022819" }, { "name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded" }, { "name": "36593", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36593" }, { "name": "36275", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36275" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1022819", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1022819" }, { "name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded" }, { "name": "36593", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36593" }, { "name": "36275", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36275" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2346", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1022819", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1022819" }, { "name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded" }, { "name": "36593", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36593" }, { "name": "36275", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36275" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2009-006.html", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2346", "datePublished": "2009-09-08T18:00:00", "dateReserved": "2009-07-07T00:00:00", "dateUpdated": "2024-08-07T05:44:55.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1561 (GCVE-0-2007-1561)
Vulnerability from cvelistv5
Published
2007-03-21 19:00
Modified
2024-08-07 12:59
CWE
- n/a
Summary
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:59:08.721Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1017794", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017794" }, { "name": "20070319 Asterisk SDP DOS vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=117432783011737\u0026w=2" }, { "name": "24564", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24564" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://asterisk.org/node/48339" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "20070321 Two new DoS Vulnerabilities in Asterisk Fixed", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "name": "23031", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23031" }, { "name": "asterisk-sip-invite-dos(33068)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33068" }, { "name": "GLSA-200704-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25582" }, { "name": "24719", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24719" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www.sineapps.com/news.php?rssid=1707" }, { "name": "ADV-2007-1039", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1039" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "34479", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/34479" }, { "name": "[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1017794", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017794" }, { "name": "20070319 Asterisk SDP DOS vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=117432783011737\u0026w=2" }, { "name": "24564", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24564" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://asterisk.org/node/48339" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "20070321 Two new DoS Vulnerabilities in Asterisk Fixed", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "name": "23031", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23031" }, { "name": "asterisk-sip-invite-dos(33068)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33068" }, { "name": "GLSA-200704-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25582" }, { "name": "24719", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24719" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.sineapps.com/news.php?rssid=1707" }, { "name": "ADV-2007-1039", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2007/1039" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "34479", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/34479" }, { "name": "[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1561", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1017794", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017794" }, { "name": "20070319 Asterisk SDP DOS vulnerability", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=117432783011737\u0026w=2" }, { "name": "24564", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24564" }, { "name": "http://asterisk.org/node/48339", "refsource": "CONFIRM", "url": "http://asterisk.org/node/48339" }, { "name": "SUSE-SA:2007:034", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "20070321 Two new DoS Vulnerabilities in Asterisk Fixed", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "name": "23031", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23031" }, { "name": "asterisk-sip-invite-dos(33068)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33068" }, { "name": "GLSA-200704-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "name": "25582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25582" }, { "name": "24719", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24719" }, { "name": "http://www.sineapps.com/news.php?rssid=1707", "refsource": "CONFIRM", "url": "http://www.sineapps.com/news.php?rssid=1707" }, { "name": "ADV-2007-1039", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1039" }, { "name": "DSA-1358", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "34479", "refsource": "OSVDB", "url": "http://www.osvdb.org/34479" }, { "name": "[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability", "refsource": "MLIST", "url": 
"http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1561", "datePublished": "2007-03-21T19:00:00", "dateReserved": "2007-03-21T00:00:00", "dateUpdated": "2024-08-07T12:59:08.721Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3765 (GCVE-0-2007-3765)
Vulnerability from cvelistv5
Published
2007-07-18 17:00
Modified
2024-08-07 14:28
CWE
- n/a
Summary
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:52.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26099" }, { "name": "24950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24950" }, { "name": "1018407", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018407" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf" }, { "name": "asterisk-stun-dos(35480)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480" }, { "name": "ADV-2007-2563", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2563" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26099" }, { "name": "24950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24950" }, { "name": "1018407", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018407" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf" }, { "name": "asterisk-stun-dos(35480)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480" }, { "name": "ADV-2007-2563", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2563" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26099", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26099" }, { "name": "24950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24950" }, { "name": "1018407", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018407" }, { "name": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf", "refsource": "CONFIRM", "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf" }, { "name": "asterisk-stun-dos(35480)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480" }, { "name": "ADV-2007-2563", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2563" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3765", "datePublished": "2007-07-18T17:00:00", "dateReserved": "2007-07-13T00:00:00", "dateUpdated": "2024-08-07T14:28:52.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-4280 (GCVE-0-2007-4280)
Vulnerability from cvelistv5
Published
2007-08-09 21:00
Modified
2024-08-07 14:46
CWE
- n/a
Summary
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:46:39.690Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-2808", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2808" }, { "name": "26340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26340" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf" }, { "name": "asterisk-skinny-channel-dos(35870)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870" }, { "name": "25228", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25228" }, { "name": "1018536", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018536" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-2808", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2808" }, { "name": "26340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26340" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf" }, { "name": "asterisk-skinny-channel-dos(35870)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870" }, { "name": "25228", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25228" }, { "name": "1018536", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018536" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4280", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-2808", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2808" }, { "name": "26340", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26340" }, { "name": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf" }, { "name": "asterisk-skinny-channel-dos(35870)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870" }, { "name": "25228", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25228" }, { "name": "1018536", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018536" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4280", "datePublished": "2007-08-09T21:00:00", "dateReserved": "2007-08-09T00:00:00", "dateUpdated": "2024-08-07T14:46:39.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-42365 (GCVE-0-2024-42365)
Vulnerability from cvelistv5
Published
2024-08-08 16:29
Modified
2024-08-12 15:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because such a user is able to curl remote files and write them to disk, and is also able to append to existing files using the `FILE` function inside the `SET` application. As the record title puts it, `write=originate` is in effect sufficient permission for code execution. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "certified_asterisk", "vendor": "asterisk", "versions": [ { "lessThan": "18.9-cert11", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "20.7-cert2", "status": "affected", "version": "19.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "asterisk", "vendor": "asterisk", "versions": [ { "lessThan": "18.24.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "20.9.2", "status": "affected", "version": "19.0.0", "versionType": "custom" }, { "lessThan": "21.4.2", "status": "affected", "version": "21.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-42365", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-08T16:38:45.608389Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-12T15:49:00.190Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "\u003c 18.24.2" }, { "status": "affected", "version": "\u003e= 19.0.0, \u003c 20.9.2" }, { "status": "affected", "version": "\u003e= 21.0.0, \u003c 21.4.2" }, { "status": "affected", "version": "\u003c 18.9-cert11" }, { "status": "affected", "version": "\u003e= 19.0, \u003c 20.7-cert2" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open source private branch exchange (PBX) and telephony toolkit. 
Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-267", "description": "CWE-267: Privilege Defined With Unsafe Actions", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1220", "description": "CWE-1220: Insufficient Granularity of Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-08T16:29:07.436Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44" }, { "name": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4" }, { "name": 
"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8" }, { "name": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71" }, { "name": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993" }, { "name": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2" }, { "name": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426" }, { "name": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426" } ], "source": { "advisory": "GHSA-c4cg-9275-6w44", "discovery": "UNKNOWN" }, "title": "Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-42365", "datePublished": "2024-08-08T16:29:07.436Z", "dateReserved": "2024-07-30T14:01:33.923Z", "dateUpdated": "2024-08-12T15:49:00.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1390 (GCVE-0-2008-1390)
Vulnerability from cvelistv5
Published
2008-03-24 17:00
Modified
2024-08-07 08:17
CWE
- n/a
Summary
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:34.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3764", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3764" }, { "name": "28316", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28316" }, { "name": "20080318 AST-2008-005: HTTP Manager ID is predictable", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded" }, { "name": "asterisk-httpmanagerid-weak-security(41304)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304" }, { "name": "29449", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29449" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.digium.com/pub/security/AST-2008-005.html" }, { "name": "FEDORA-2008-2554", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "name": "1019679", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019679" }, { "name": "FEDORA-2008-2620", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" }, { "name": "29470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29470" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-18T00:00:00", 
"descriptions": [ { "lang": "en", "value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3764", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3764" }, { "name": "28316", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28316" }, { "name": "20080318 AST-2008-005: HTTP Manager ID is predictable", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded" }, { "name": "asterisk-httpmanagerid-weak-security(41304)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304" }, { "name": "29449", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29449" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.digium.com/pub/security/AST-2008-005.html" }, { "name": "FEDORA-2008-2554", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "name": "1019679", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019679" }, { "name": "FEDORA-2008-2620", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" }, { "name": "29470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29470" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3764", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3764" }, { "name": "28316", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28316" }, { "name": "20080318 AST-2008-005: HTTP Manager ID is predictable", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded" }, { "name": "asterisk-httpmanagerid-weak-security(41304)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304" }, { "name": "29449", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29449" }, { "name": "http://downloads.digium.com/pub/security/AST-2008-005.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/security/AST-2008-005.html" }, { "name": "FEDORA-2008-2554", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "name": "1019679", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019679" }, { "name": "FEDORA-2008-2620", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" }, { "name": "29470", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29470" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1390", "datePublished": "2008-03-24T17:00:00", "dateReserved": "2008-03-18T00:00:00", "dateUpdated": "2024-08-07T08:17:34.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2488 (GCVE-0-2007-2488)
Vulnerability from cvelistv5
Published
2007-05-07 19:00
Modified
2024-08-07 13:42
CWE
- n/a
Summary
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:33.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-1661", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1661" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "35769", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35769" }, { "name": "asterisk-iax2-information-disclosure(34085)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34085" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25582" }, { "name": "25134", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25134" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-013.pdf" }, { "name": "23824", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23824" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1358" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of 
service (application crash), by sending a frame that lacks a 0 byte." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-1661", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1661" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "35769", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35769" }, { "name": "asterisk-iax2-information-disclosure(34085)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34085" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25582" }, { "name": "25134", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25134" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-013.pdf" }, { "name": "23824", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23824" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1358" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2488", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 
does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-1661", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1661" }, { "name": "SUSE-SA:2007:034", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "35769", "refsource": "OSVDB", "url": "http://osvdb.org/35769" }, { "name": "asterisk-iax2-information-disclosure(34085)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34085" }, { "name": "25582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25582" }, { "name": "25134", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25134" }, { "name": "http://ftp.digium.com/pub/asa/ASA-2007-013.pdf", "refsource": "CONFIRM", "url": "http://ftp.digium.com/pub/asa/ASA-2007-013.pdf" }, { "name": "23824", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23824" }, { "name": "DSA-1358", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1358" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2488", "datePublished": "2007-05-07T19:00:00", "dateReserved": "2007-05-03T00:00:00", "dateUpdated": "2024-08-07T13:42:33.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3263 (GCVE-0-2008-3263)
Vulnerability from cvelistv5
Published
2008-07-22 23:00
Modified
2024-08-07 09:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.740Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200905-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml" }, { "name": "30321", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30321" }, { "name": "31194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31194" }, { "name": "asterisk-poke-dos(43942)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43942" }, { "name": "ADV-2008-2168", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2168/references" }, { "name": "FEDORA-2008-6676", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html" }, { "name": "31178", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31178" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl" }, { "name": "20080722 AST-2008-010: Asterisk IAX \u0027POKE\u0027 resource exhaustion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/494675/100/0/threaded" }, { "name": "1020535", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020535" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.digium.com/pub/security/AST-2008-010.html" }, { "name": "34982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" 
], "url": "http://secunia.com/advisories/34982" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200905-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml" }, { "name": "30321", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30321" }, { "name": "31194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31194" }, { "name": "asterisk-poke-dos(43942)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43942" }, { "name": "ADV-2008-2168", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2168/references" }, { "name": "FEDORA-2008-6676", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html" }, { "name": "31178", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31178" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl" }, { "name": "20080722 AST-2008-010: Asterisk IAX \u0027POKE\u0027 resource exhaustion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/494675/100/0/threaded" }, { "name": "1020535", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020535" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.digium.com/pub/security/AST-2008-010.html" }, { "name": "34982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34982" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3263", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200905-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml" }, { "name": "30321", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30321" }, { "name": "31194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31194" }, { "name": "asterisk-poke-dos(43942)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43942" }, { "name": "ADV-2008-2168", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2168/references" }, { "name": "FEDORA-2008-6676", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html" }, { "name": "31178", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31178" }, { "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl", "refsource": "MISC", "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl" }, { "name": "20080722 AST-2008-010: Asterisk IAX \u0027POKE\u0027 resource exhaustion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/494675/100/0/threaded" }, { "name": "1020535", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020535" }, { "name": "http://downloads.digium.com/pub/security/AST-2008-010.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/security/AST-2008-010.html" }, { "name": "34982", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34982" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3263", "datePublished": "2008-07-22T23:00:00", "dateReserved": "2008-07-22T00:00:00", "dateUpdated": "2024-08-07T09:28:41.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3762 (GCVE-0-2007-3762)
Vulnerability from cvelistv5
Published
2007-07-18 17:00
Modified
2024-08-07 14:28
CWE
- n/a
Summary
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:52.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "asterisk-iax2channeldriver-bo(35466)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466" }, { "name": "26099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26099" }, { "name": "1018407", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018407" }, { "name": "GLSA-200802-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "name": "29051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29051" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "name": "ADV-2007-2563", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf" }, { "name": "24949", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24949" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-17T00:00:00", "descriptions": [ 
{ "lang": "en", "value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "asterisk-iax2channeldriver-bo(35466)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466" }, { "name": "26099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26099" }, { "name": "1018407", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018407" }, { "name": "GLSA-200802-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "name": "29051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29051" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "name": "ADV-2007-2563", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf" }, { "name": "24949", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/24949" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "asterisk-iax2channeldriver-bo(35466)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466" }, { "name": "26099", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26099" }, { "name": "1018407", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018407" }, { "name": "GLSA-200802-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "name": "29051", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29051" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=185713", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "name": "ADV-2007-2563", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "name": "DSA-1358", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "SUSE-SR:2007:015", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { 
"name": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf", "refsource": "CONFIRM", "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf" }, { "name": "24949", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24949" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3762", "datePublished": "2007-07-18T17:00:00", "dateReserved": "2007-07-13T00:00:00", "dateUpdated": "2024-08-07T14:28:52.292Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1332 (GCVE-0-2008-1332)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
CWE
- n/a
Summary
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2 allows remote attackers to access the SIP channel driver via a crafted From header. The vendor advisory referenced in this record, AST-2008-003, is titled "Unauthenticated calls allowed from SIP channel driver", and the X-Force entry names it a security bypass.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:34.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2008:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "name": "29782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29782" }, { "name": "GLSA-200804-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.digium.com/pub/security/AST-2008-003.html" }, { "name": "28310", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28310" }, { "name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded" }, { "name": "DSA-1525", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1525" }, { "name": "29426", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29426" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.asterisk.org/node/48466" }, { "name": "FEDORA-2008-2554", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "name": "1019629", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019629" }, { "name": "asterisk-sip-security-bypass(41308)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41308" }, { "name": "ADV-2008-0928", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0928" }, { "name": "FEDORA-2008-2620", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" }, { "name": "29957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29957" }, { "name": "29456", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29456" }, { "name": "29470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29470" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2008:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "name": "29782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29782" }, { "name": "GLSA-200804-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.digium.com/pub/security/AST-2008-003.html" }, { "name": "28310", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28310" }, { "name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded" }, { "name": "DSA-1525", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1525" }, { "name": "29426", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29426" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.asterisk.org/node/48466" }, { "name": "FEDORA-2008-2554", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "name": "1019629", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019629" }, { "name": "asterisk-sip-security-bypass(41308)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308" }, { "name": "ADV-2008-0928", "tags": [ "vdb-entry", "x_refsource_VUPEN" 
], "url": "http://www.vupen.com/english/advisories/2008/0928" }, { "name": "FEDORA-2008-2620", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" }, { "name": "29957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29957" }, { "name": "29456", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29456" }, { "name": "29470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29470" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1332", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2008:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "name": "29782", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29782" }, { "name": "GLSA-200804-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml" }, { "name": "http://downloads.digium.com/pub/security/AST-2008-003.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/security/AST-2008-003.html" }, { "name": "28310", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28310" }, { "name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded" }, { "name": "DSA-1525", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1525" }, { "name": "29426", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29426" }, { "name": "http://www.asterisk.org/node/48466", "refsource": "CONFIRM", "url": "http://www.asterisk.org/node/48466" }, { "name": "FEDORA-2008-2554", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "name": "1019629", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019629" }, { "name": "asterisk-sip-security-bypass(41308)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308" }, { "name": "ADV-2008-0928", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0928" }, { "name": "FEDORA-2008-2620", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" }, { "name": "29957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29957" }, { "name": "29456", 
"refsource": "SECUNIA", "url": "http://secunia.com/advisories/29456" }, { "name": "29470", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29470" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1332", "datePublished": "2008-03-20T00:00:00", "dateReserved": "2008-03-13T00:00:00", "dateUpdated": "2024-08-07T08:17:34.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-4455 (GCVE-0-2007-4455)
Vulnerability from cvelistv5
Published
2007-08-22 01:00
Modified
2024-08-07 14:53
CWE
- n/a
Summary
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:53:55.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3047", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3047" }, { "name": "ADV-2007-2953", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2953" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.digium.com/pub/asa/AST-2007-020.html" }, { "name": "25392", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25392" }, { "name": "20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html" }, { "name": "asterisk-sip-dialoghistory-dos(36145)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145" }, { "name": "26553", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26553" }, { "name": "1018595", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018595" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large 
number of history entries to be created." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3047", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3047" }, { "name": "ADV-2007-2953", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2953" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.digium.com/pub/asa/AST-2007-020.html" }, { "name": "25392", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25392" }, { "name": "20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html" }, { "name": "asterisk-sip-dialoghistory-dos(36145)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145" }, { "name": "26553", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26553" }, { "name": "1018595", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018595" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4455", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer 
Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3047", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3047" }, { "name": "ADV-2007-2953", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2953" }, { "name": "http://downloads.digium.com/pub/asa/AST-2007-020.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/asa/AST-2007-020.html" }, { "name": "25392", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25392" }, { "name": "20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html" }, { "name": "asterisk-sip-dialoghistory-dos(36145)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145" }, { "name": "26553", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26553" }, { "name": "1018595", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018595" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4455", "datePublished": "2007-08-22T01:00:00", "dateReserved": "2007-08-21T00:00:00", "dateUpdated": "2024-08-07T14:53:55.958Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2297 (GCVE-0-2007-2297)
Vulnerability from cvelistv5
Published
2007-04-26 20:00
Modified
2024-08-07 13:33
CWE
- n/a
Summary
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:33:28.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.asterisk.org/files/ASA-2007-011.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.digium.com/view.php?id=9313" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "1017954", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017954" }, { "name": "24359", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24359" }, { "name": "20070425 ASA-2007-011: Multiple problems in SIP channel parser handling response codes", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/466882/100/0/threaded" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25582" }, { "name": "asterisk-sip-response-dos(33892)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33892" }, { "name": "2644", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2644" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1358" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The SIP channel driver (chan_sip) in 
Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.asterisk.org/files/ASA-2007-011.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.digium.com/view.php?id=9313" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "1017954", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017954" }, { "name": "24359", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24359" }, { "name": "20070425 ASA-2007-011: Multiple problems in SIP channel parser handling response codes", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/466882/100/0/threaded" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25582" }, { "name": "asterisk-sip-response-dos(33892)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33892" }, { "name": "2644", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2644" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1358" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2297", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": 
[ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.asterisk.org/files/ASA-2007-011.pdf", "refsource": "CONFIRM", "url": "http://www.asterisk.org/files/ASA-2007-011.pdf" }, { "name": "http://bugs.digium.com/view.php?id=9313", "refsource": "MISC", "url": "http://bugs.digium.com/view.php?id=9313" }, { "name": "SUSE-SA:2007:034", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "1017954", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017954" }, { "name": "24359", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24359" }, { "name": "20070425 ASA-2007-011: Multiple problems in SIP channel parser handling response codes", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/466882/100/0/threaded" }, { "name": "25582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25582" }, { "name": "asterisk-sip-response-dos(33892)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33892" }, { "name": "2644", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2644" }, { "name": "DSA-1358", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1358" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2297", 
"datePublished": "2007-04-26T20:00:00", "dateReserved": "2007-04-26T00:00:00", "dateUpdated": "2024-08-07T13:33:28.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47780 (GCVE-0-2025-47780)
Vulnerability from cvelistv5
Published
2025-05-22 16:56
Modified
2025-05-22 17:25
Severity
- 4.8 (MEDIUM) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, attempting to disallow shell commands from being run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work, which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to deny all attempts to execute shell commands, that restriction is not enforced on the affected versions. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. The record scores this as a local, low-privilege issue (CVSS 4.0 base score 4.8, MEDIUM), so on unpatched systems exposure depends on which accounts can reach the Asterisk CLI, not on the `deny` rules.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47780", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-22T17:24:44.875844Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-22T17:25:09.045Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "\u003c 18.9-cert14" }, { "status": "affected", "version": "\u003e= 18.10, \u003c 18.26.2" }, { "status": "affected", "version": "\u003e= 20.0, \u003c 20.7-cert5" }, { "status": "affected", "version": "\u003e= 20.8, \u003c 20.14.1" }, { "status": "affected", "version": "\u003e= 21.0, \u003c 21.9.1" }, { "status": "affected", "version": "\u003e= 22.0, \u003c 22.4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue." 
} ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-22T16:56:28.937Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2" } ], "source": { "advisory": "GHSA-c7p6-7mvq-8jq2", "discovery": "UNKNOWN" }, "title": "cli_permissions.conf: deny option does not work for disallowing shell commands" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-47780", "datePublished": "2025-05-22T16:56:28.937Z", "dateReserved": "2025-05-09T19:49:35.620Z", "dateUpdated": "2025-05-22T17:25:09.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-4521 (GCVE-0-2007-4521)
Vulnerability from cvelistv5
Published
2007-08-28 01:00
Modified
2024-08-07 15:01
CWE
- n/a
Summary
Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.606Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26601" }, { "name": "1018606", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018606" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.digium.com/pub/asa/AST-2007-021.html" }, { "name": "20070824 AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/477729/100/0/threaded" }, { "name": "26602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26602" }, { "name": "asterisk-mime-body-dos(36261)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36261" }, { "name": "ADV-2007-2978", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2978" }, { "name": "25438", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25438" }, { "name": "3065", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3065" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an 
e-mail with an \"invalid/corrupted\" MIME body, which triggers a crash when the recipient listens to voicemail." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26601" }, { "name": "1018606", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018606" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.digium.com/pub/asa/AST-2007-021.html" }, { "name": "20070824 AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/477729/100/0/threaded" }, { "name": "26602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26602" }, { "name": "asterisk-mime-body-dos(36261)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36261" }, { "name": "ADV-2007-2978", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2978" }, { "name": "25438", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25438" }, { "name": "3065", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3065" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4521", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an \"invalid/corrupted\" MIME body, which triggers a crash when the recipient listens to voicemail." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26601" }, { "name": "1018606", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018606" }, { "name": "http://downloads.digium.com/pub/asa/AST-2007-021.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/asa/AST-2007-021.html" }, { "name": "20070824 AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477729/100/0/threaded" }, { "name": "26602", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26602" }, { "name": "asterisk-mime-body-dos(36261)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36261" }, { "name": "ADV-2007-2978", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2978" }, { "name": "25438", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25438" }, { "name": "3065", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3065" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4521", "datePublished": "2007-08-28T01:00:00", "dateReserved": "2007-08-24T00:00:00", "dateUpdated": "2024-08-07T15:01:09.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3763 (GCVE-0-2007-3763)
Vulnerability from cvelistv5
Published
2007-07-18 17:00
Modified
2024-08-07 14:28
CWE
- n/a
Summary
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:52.493Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf" }, { "name": "26099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26099" }, { "name": "24950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24950" }, { "name": "1018407", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018407" }, { "name": "GLSA-200802-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "name": "29051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29051" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "name": "ADV-2007-2563", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance 
Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-07-27T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf" }, { "name": "26099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26099" }, { "name": "24950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24950" }, { "name": "1018407", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018407" }, { "name": "GLSA-200802-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "name": "29051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29051" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "name": "ADV-2007-2563", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3763", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf", "refsource": "CONFIRM", "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf" }, { "name": "26099", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26099" }, { "name": "24950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24950" }, { "name": "1018407", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018407" }, { "name": "GLSA-200802-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "name": "29051", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29051" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=185713", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "name": "ADV-2007-2563", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "name": "DSA-1358", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "SUSE-SR:2007:015", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ] } } 
} }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3763", "datePublished": "2007-07-18T17:00:00", "dateReserved": "2007-07-13T00:00:00", "dateUpdated": "2024-08-07T14:28:52.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2294 (GCVE-0-2007-2294)
Vulnerability from cvelistv5
Published
2007-04-26 20:00
Modified
2024-08-07 13:33
CWE
- n/a
Summary
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:33:28.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "name": "1017955", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017955" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "35369", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/35369" }, { "name": "2646", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2646" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25582" }, { "name": "asterisk-interface-dos(33886)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33886" }, { "name": "24977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24977" }, { "name": "23649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23649" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "20070425 ASA-2007-012: Remote Crash Vulnerability in Manager Interface", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/466911/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www.asterisk.org/files/ASA-2007-012.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "name": "1017955", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017955" }, { "name": "SUSE-SA:2007:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "35369", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/35369" }, { "name": "2646", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2646" }, { "name": "25582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25582" }, { "name": "asterisk-interface-dos(33886)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33886" }, { "name": "24977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24977" }, { "name": "23649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/23649" }, { "name": "DSA-1358", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "20070425 ASA-2007-012: Remote Crash Vulnerability in Manager Interface", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/466911/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.asterisk.org/files/ASA-2007-012.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-1534", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "name": "1017955", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017955" }, { "name": "SUSE-SA:2007:034", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "name": "35369", "refsource": "OSVDB", "url": "http://www.osvdb.org/35369" }, { "name": "2646", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2646" }, { "name": "25582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25582" }, { "name": "asterisk-interface-dos(33886)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33886" }, { "name": "24977", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24977" }, { "name": "23649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23649" }, { "name": "DSA-1358", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "name": "20070425 ASA-2007-012: Remote Crash Vulnerability in Manager Interface", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/466911/100/0/threaded" }, { "name": "http://www.asterisk.org/files/ASA-2007-012.pdf", "refsource": "CONFIRM", "url": "http://www.asterisk.org/files/ASA-2007-012.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2294", "datePublished": "2007-04-26T20:00:00", "dateReserved": "2007-04-26T00:00:00", "dateUpdated": "2024-08-07T13:33:28.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-37457 (GCVE-0-2023-37457)
Vulnerability from cvelistv5
Published
2023-12-14 19:43
Modified
2025-02-13 17:01
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. Doing so can overwrite memory or cause a crash. This is not externally exploitable unless the dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used, the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:30.273Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh" }, { "name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "\u003c= 18.20.0" }, { "status": "affected", "version": "\u003e= 19.0.0, \u003c= 20.5.0" }, { "status": "affected", "version": "= 21.0.0" }, { "status": "affected", "version": "\u003c= 18.9-cert5" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T00:06:20.393Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh" }, { "name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html" } ], "source": { "advisory": "GHSA-98rc-4j27-74hh", "discovery": "UNKNOWN" }, "title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37457", "datePublished": "2023-12-14T19:43:30.945Z", "dateReserved": "2023-07-06T13:01:36.996Z", "dateUpdated": "2025-02-13T17:01:26.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2007-07-18 17:30
Modified
2025-04-09 00:30
Summary
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=185713 | ||
cve@mitre.org | http://ftp.digium.com/pub/asa/ASA-2007-016.pdf | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/26099 | ||
cve@mitre.org | http://secunia.com/advisories/29051 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200802-11.xml | ||
cve@mitre.org | http://www.debian.org/security/2007/dsa-1358 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/24950 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018407 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2563 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35478 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=185713 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asa/ASA-2007-016.pdf | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26099 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29051 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200802-11.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24950 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018407 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2563 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35478 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 1.0 | |
asterisk | asterisk | 1.0.6 | |
asterisk | asterisk | 1.0.7 | |
asterisk | asterisk | 1.0.8 | |
asterisk | asterisk | 1.0.9 | |
asterisk | asterisk | 1.0.10 | |
asterisk | asterisk | 1.0.11 | |
asterisk | asterisk | 1.0.12 | |
asterisk | asterisk | 1.2.0_beta1 | |
asterisk | asterisk | 1.2.0_beta2 | |
asterisk | asterisk | 1.2.5 | |
asterisk | asterisk | 1.2.6 | |
asterisk | asterisk | 1.2.7 | |
asterisk | asterisk | 1.2.8 | |
asterisk | asterisk | 1.2.9 | |
asterisk | asterisk | 1.2.10 | |
asterisk | asterisk | 1.2.11 | |
asterisk | asterisk | 1.2.12 | |
asterisk | asterisk | 1.2.13 | |
asterisk | asterisk | 1.2.14 | |
asterisk | asterisk | 1.2.15 | |
asterisk | asterisk | 1.2.16 | |
asterisk | asterisk | 1.2.17 | |
asterisk | asterisk | 1.4.1 | |
asterisk | asterisk | 1.4.2 | |
asterisk | asterisk | 1.4.4_2007-04-27 | |
asterisk | asterisk | 1.4_beta | |
asterisk | asterisk | a | |
asterisk | asterisk | b.1.3.2 | |
asterisk | asterisk | b.1.3.3 | |
asterisk | asterisk | b.2.2.0 | |
asterisk | asterisk_appliance_developer_kit | * | |
asterisk | asterisknow | beta_5 | |
asterisk | asterisknow | beta_6 | |
asterisk | s800i_appliance | 1.0 | |
asterisk | s800i_appliance | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*", "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": 
"181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*", "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*", "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*", "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C150564-406F-4B49-AEF8-0F2887738E4D", "versionEndIncluding": "0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F", "vulnerable": true }, { "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an 
\"overly large memcpy.\"" }, { "lang": "es", "value": "El controlador de canal Skinny (chan_skinny) en Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, AsteriskNOW anterior a la beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de ciertos valores de longitudes de datos en un paquete manipulado, lo cual deriva en un \"copia de memoria demasiado larga\"." } ], "id": "CVE-2007-3764", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-18T17:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26099" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29051" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24950" }, { "source": "cve@mitre.org", "url": 
"http://www.securitytracker.com/id?1018407" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-09 21:17
Modified
2025-04-09 00:30
Severity ?
Summary
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://downloads.digium.com/pub/asa/ASA-2007-019.pdf | Patch | |
cve@mitre.org | http://secunia.com/advisories/26340 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/25228 | Patch | |
cve@mitre.org | http://www.securitytracker.com/id?1018536 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2808 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35870 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/asa/ASA-2007-019.pdf | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26340 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25228 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018536 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2808 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35870 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | * | |
asterisk | asterisk_appliance_developer_kit | * | |
asterisk | asterisknow | * | |
asterisk | s800i | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "28786BB7-9F94-4193-81FC-83B836B9B530", "versionEndIncluding": "1.4.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "39776C64-0067-4EBD-A5DD-6B7FB17B7603", "versionEndIncluding": "0.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*", "matchCriteriaId": "C896A32E-906D-4AD0-A00B-11DC064CBA6E", "versionEndIncluding": "beta_6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CE11A7E-2893-47E4-897B-28BBAD984858", "versionEndIncluding": "1.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population." }, { "lang": "es", "value": "El dispositivo de canal Skinny (chan_skinny) en el Asterisk Open Source anterior al 1.4.10, el AsteriskNOW anterior al beta7, el Appliance Developer Kit anterior al 0.7.0 y el Appliance s800i before 1.0.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s del paquete CAPABILITIES_RES_MESSAGE con una capacidad de escrutinio mayor que el array capabilities_res_message de poblaci\u00f3n." 
} ], "id": "CVE-2007-4280", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-09T21:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26340" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25228" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018536" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2808" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25228" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/35870" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-28 01:17
Modified
2025-04-09 00:30
Severity ?
Summary
Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://downloads.digium.com/pub/asa/AST-2007-021.html | ||
cve@mitre.org | http://secunia.com/advisories/26601 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/26602 | Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/3065 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/477729/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/25438 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018606 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2978 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/36261 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/asa/AST-2007-021.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26601 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26602 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3065 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/477729/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25438 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018606 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2978 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/36261 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F4BA849-E092-404A-92CD-44C2D99AE971", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2C7014B4-1860-49AD-9469-9954C3CC01C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "3D1F0056-0945-476C-982E-7B41EB420A99", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "A53DEC9D-B288-42CD-9387-57315AC98D72", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "89C1F33F-27B6-4C56-92FF-EB2861ABBC22", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "64E07CF3-073D-4705-96A6-13367D4F5CAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "18D19CB0-E3D7-40DB-B0C0-B62BB6075267", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an \"invalid/corrupted\" MIME body, which triggers a crash when the recipient listens to voicemail." }, { "lang": "es", "value": "Asterisk Open Source 1.4.5 hasta la 1.4.11, cuando la configuraci\u00f3n utiliza un \t\r\nalmacenamiento de correo por voz (voicemail) del IMAP backend, permite a atacantes remotos provocar denegaci\u00f3n de servicio a trav\u00e9s de un correo electr\u00f3nico con un cuerpo MIME \" \"inv\u00e1lido/corrupto\", lo cual dispara una caida cuando el recipiente escucha en el correo por voz (voicemail)." 
} ], "id": "CVE-2007-4521", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-28T01:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://downloads.digium.com/pub/asa/AST-2007-021.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26601" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26602" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3065" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477729/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25438" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018606" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2978" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://downloads.digium.com/pub/asa/AST-2007-021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securityreason.com/securityalert/3065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/477729/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36261" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-22 23:19
Modified
2025-04-09 00:30
Severity ?
Summary
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.digium.com/view.php?id=9316 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/24694 | ||
cve@mitre.org | http://secunia.com/advisories/25582 | ||
cve@mitre.org | http://svn.digium.com/view/asterisk?rev=59073&view=rev | Patch | |
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/23155 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1123 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.digium.com/view.php?id=9316 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24694 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25582 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://svn.digium.com/view/asterisk?rev=59073&view=rev | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23155 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1123 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form." }, { "lang": "es", "value": "El Lenguaje de Extensi\u00f3n de Asterisk (AEL) en pbx/pbx_ael.c de Asterisk no genera extensiones apropiadamente, lo cual permite a atacantes remotos ejecutar extensiones de su elecci\u00f3n y tener un impacto desconocido especificando una extensi\u00f3n inv\u00e1lida en formularios concretos." } ], "id": "CVE-2007-1595", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-22T23:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://bugs.digium.com/view.php?id=9316" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24694" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25582" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://svn.digium.com/view/asterisk?rev=59073\u0026view=rev" }, { "source": 
"cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23155" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://bugs.digium.com/view.php?id=9316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.digium.com/view/asterisk?rev=59073\u0026view=rev" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1123" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-08-08 17:15
Modified
2024-09-16 20:23
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426 | Issue Tracking | |
security-advisories@github.com | https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426 | Issue Tracking | |
security-advisories@github.com | https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4 | Patch | |
security-advisories@github.com | https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8 | Patch | |
security-advisories@github.com | https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71 | Patch | |
security-advisories@github.com | https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993 | Patch | |
security-advisories@github.com | https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2 | Patch | |
security-advisories@github.com | https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44 | Exploit, Technical Description, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | * | |
asterisk | asterisk | * | |
asterisk | asterisk | 21.4.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 13.13.0 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 18.9 | |
asterisk | certified_asterisk | 20.7 | |
asterisk | certified_asterisk | 20.7 | |
asterisk | certified_asterisk | 20.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E883638-A227-4B23-ADEB-E54244B482F0", "versionEndExcluding": "18.24.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "525E1CCB-43F1-405D-96A9-A9D41D8F59CD", "versionEndExcluding": "20.9.1", "versionStartIncluding": "19.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:21.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8337584E-FAFD-456F-957C-7CDE4132E660", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "69C489FB-3A83-42D7-94A9-3C7D5B8F980C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "DD5636A9-1E9F-4DA7-8459-6B9257ADE0E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "4DDBE806-CDD5-4981-B575-9EB58816CD7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*", "matchCriteriaId": "A9676683-14B7-4489-9D18-C37365C323D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*", "matchCriteriaId": "660E2F8C-A674-44EE-99AC-80E57A0681C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*", "matchCriteriaId": "6949CB9E-8282-4E9D-9DD0-889E3181C845", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "B54BB82E-92EF-4D75-8E62-10CDC7C526DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "E759A991-D72D-4FCA-B4F5-3B51D63A31D3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4E1A5B3-8385-4376-A145-1E1CC0E80818", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3E4E78FF-000E-4DA8-8539-2C5507C09BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "20998BF5-7014-444C-A221-5B989987A7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*", "matchCriteriaId": "245E902A-1583-4482-9AD7-F0C5AF38764E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*", "matchCriteriaId": "282CF259-FEE3-44FC-808E-D96CCF48BFCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*", "matchCriteriaId": "BEF5DDD6-7C6B-4E72-B3F3-7330C4488CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*", "matchCriteriaId": "675FED60-01B9-4A6F-B20C-D642121B873C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert10:*:*:*:*:*:*", "matchCriteriaId": "3D6A228C-260F-484C-B169-EEDB0C66CB62", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert11:*:*:*:*:*:*", "matchCriteriaId": "7FFE0158-47D4-4FB4-84C8-49E67A181545", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert12:*:*:*:*:*:*", "matchCriteriaId": "CAC40CC0-5EC1-4F05-B1D1-7D06D2E10B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert13:*:*:*:*:*:*", "matchCriteriaId": "3CDDFE32-9BAE-400C-8F6B-9792E9E0711C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert14:*:*:*:*:*:*", "matchCriteriaId": "EB3952E1-6BA6-46D7-92F6-168EE8351E93", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*", "matchCriteriaId": "67D6AA96-3579-41F5-B871-DA01F12CC8F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*", "matchCriteriaId": "66E7DD42-CBC6-44F1-B06D-0B89CF624D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*", "matchCriteriaId": "1EC0C26E-CCD2-4AEE-A35C-7A4DDA2E657E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*", "matchCriteriaId": "3CE9EC96-7A16-4989-98BC-440E9282FAC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*", "matchCriteriaId": "335EF1B5-AD89-48E2-AB2C-BF376BC36F77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*", "matchCriteriaId": "91CCAB0C-C0F8-4619-AAE1-F6F13FF31570", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*", "matchCriteriaId": "F2B7CBB3-E037-416B-AD16-9A553D6A4775", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*", "matchCriteriaId": "DE7DDFE1-6A06-477A-AB45-D00053CFA7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*", "matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*", "matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*", "matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*", "matchCriteriaId": "B987A13D-A363-4DCE-BBA1-E35E81ACBA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*", "matchCriteriaId": "01A5B7F9-FAD2-4C0C-937D-CF1086512130", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*", "matchCriteriaId": "F60B4271-F987-4932-86EE-45ED099661E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1:*:*:*:*:*:*", "matchCriteriaId": "4183072E-F5A2-4137-82B4-B066AC8DAAA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "3ABB4F01-021F-46C1-ABD4-412C7D40C52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert10:*:*:*:*:*:*", "matchCriteriaId": "7B8A221A-E9DD-45EC-8DD6-7AFBC5A0B0D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert2:*:*:*:*:*:*", "matchCriteriaId": "32177FB5-4C13-4E0C-AB67-F2B2F322581E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert3:*:*:*:*:*:*", "matchCriteriaId": "795DA8B6-FACE-4CC2-8262-1733A34F5593", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert4:*:*:*:*:*:*", "matchCriteriaId": "CDBDB4E6-51AC-4707-85DF-9F76EF6629BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert5:*:*:*:*:*:*", "matchCriteriaId": "BEC796F2-A349-4CCA-9343-5251DCA781A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert6:*:*:*:*:*:*", 
"matchCriteriaId": "3AC09F75-406C-4699-A4D7-661383A05C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert7:*:*:*:*:*:*", "matchCriteriaId": "02F5B177-0509-4CF7-A555-B9F41F50AE5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8:*:*:*:*:*:*", "matchCriteriaId": "237890E9-1AAB-4D02-801E-BC0C68A70718", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*", "matchCriteriaId": "D3064399-A01E-4E08-A4AE-4BA33A4928F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*", "matchCriteriaId": "FFA59ED7-2EE0-45EC-A794-8FA29B403A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert9:*:*:*:*:*:*", "matchCriteriaId": "C727C1DB-0287-412E-9107-AF276FF3AB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1:*:*:*:*:*:*", "matchCriteriaId": "3520F2B3-3E3F-4222-AA97-B2F7F7BD30A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "56923D44-D1D5-4A79-AA36-5A0C45D22250", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*", "matchCriteriaId": "C669C229-8050-4938-8A05-11BFAB8D51FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. 
This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue." }, { "lang": "es", "value": "Asterisk es un kit de herramientas de telefon\u00eda y centralita privada (PBX) de c\u00f3digo abierto. Antes de las versiones de asterisk 18.24.2, 20.9.2 y 21.4.2 y de las versiones de certified-asterisk 18.9-cert11 y 20.7-cert2, un usuario de AMI con `write=originate` pod\u00eda cambiar todos los archivos de configuraci\u00f3n en el directorio `/etc/asterisk/`. Esto ocurre porque pueden descargar archivos remotos con curl y escribirlos en el disco, pero tambi\u00e9n pueden a\u00f1adir contenido a archivos existentes usando la funci\u00f3n `FILE` dentro de la aplicaci\u00f3n `SET`. Este problema puede provocar una escalada de privilegios, la ejecuci\u00f3n remota de c\u00f3digo y/o blind server-side request forgery con un protocolo arbitrario. Las versiones de Asterisk 18.24.2, 20.9.2 y 21.4.2 y las versiones de certified-asterisk 18.9-cert11 y 20.7-cert2 contienen una soluci\u00f3n para este problema." 
} ], "id": "CVE-2024-42365", "lastModified": "2024-09-16T20:23:18.407", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-08T17:15:19.340", "references": [ { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71" }, { "source": 
"security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Technical Description", "Vendor Advisory" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-267" }, { "lang": "en", "value": "CWE-1220" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2007-2294
Vulnerability from fkie_nvd
Published
2007-04-26 20:19
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2 base score 7.8, vector AV:N/AC:L/Au:N/C:N/I:N/A:C; source nvd@nist.gov)
Summary
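The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. Per the NVD evaluator impact note in this record, successful exploitation requires that the Manager Interface is enabled and that a user without a password is configured in manager.conf.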
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/24977 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/25582 | ||
cve@mitre.org | http://securityreason.com/securityalert/2646 | ||
cve@mitre.org | http://www.asterisk.org/files/ASA-2007-012.pdf | ||
cve@mitre.org | http://www.debian.org/security/2007/dsa-1358 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
cve@mitre.org | http://www.osvdb.org/35369 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/466911/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/23649 | ||
cve@mitre.org | http://www.securitytracker.com/id?1017955 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1534 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33886 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24977 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25582 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2646 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/files/ASA-2007-012.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/35369 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/466911/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23649 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017955 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1534 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33886 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 1.2.0_beta1 | |
asterisk | asterisk | 1.2.0_beta2 | |
asterisk | asterisk | 1.2.5 | |
asterisk | asterisk | 1.2.6 | |
asterisk | asterisk | 1.2.7 | |
asterisk | asterisk | 1.2.8 | |
asterisk | asterisk | 1.2.9 | |
asterisk | asterisk | 1.2.10 | |
asterisk | asterisk | 1.2.11 | |
asterisk | asterisk | 1.2.12 | |
asterisk | asterisk | 1.2.13 | |
asterisk | asterisk | 1.2.14 | |
asterisk | asterisk | 1.2.15 | |
asterisk | asterisk | 1.2.16 | |
asterisk | asterisk | 1.2.17 | |
asterisk | asterisk | 1.4.1 | |
asterisk | asterisk | 1.4.2 | |
asterisk | asterisk | 1.4_beta |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference." }, { "lang": "es", "value": "El Manager Interface en Asterisk anterior a 1.2.18 y 1.4.x anterior a 1.4.3 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) utilizando validaci\u00f3n MD5 para validar a un usuario que no tiene definida una contrase\u00f1a en manager.conf, dando como resultado un puntero no referencia NULL." 
} ], "evaluatorImpact": "Successful exploitation requires that the Management Interface is enabled and a user without a password is configured in the manager.conf file.", "id": "CVE-2007-2294", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-26T20:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24977" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25582" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2646" }, { "source": "cve@mitre.org", "url": "http://www.asterisk.org/files/ASA-2007-012.pdf" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/35369" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/466911/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23649" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017955" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33886" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24977" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.asterisk.org/files/ASA-2007-012.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/35369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/466911/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33886" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2010-0441
Vulnerability from fkie_nvd
Published
2010-02-04 20:15
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; source nvd@nist.gov)
Summary
Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff | Patch | |
cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff | Patch | |
cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff | ||
cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2010-001.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html | ||
cve@mitre.org | http://secunia.com/advisories/38395 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/39096 | ||
cve@mitre.org | http://securitytracker.com/id?1023532 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/509327/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/38047 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2010/0289 | Vendor Advisory | |
cve@mitre.org | https://issues.asterisk.org/view.php?id=16517 | ||
cve@mitre.org | https://issues.asterisk.org/view.php?id=16634 | ||
cve@mitre.org | https://issues.asterisk.org/view.php?id=16724 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2010-001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38395 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39096 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023532 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/509327/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/38047 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0289 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/view.php?id=16517 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/view.php?id=16634 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/view.php?id=16724 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 1.6.0 | |
asterisk | asterisk | 1.6.0.1 | |
asterisk | asterisk | 1.6.0.2 | |
asterisk | asterisk | 1.6.0.3 | |
asterisk | asterisk | 1.6.0.5 | |
asterisk | asterisk | 1.6.0.6 | |
asterisk | asterisk | 1.6.0.7 | |
asterisk | asterisk | 1.6.0.8 | |
asterisk | asterisk | 1.6.0.9 | |
asterisk | asterisk | 1.6.0.10 | |
asterisk | asterisk | 1.6.0.12 | |
asterisk | asterisk | 1.6.0.13 | |
asterisk | asterisk | 1.6.0.14 | |
asterisk | asterisk | 1.6.0.15 | |
asterisk | asterisk | 1.6.0.16-rc1 | |
asterisk | asterisk | 1.6.0.16-rc2 | |
asterisk | asterisk | 1.6.0.17 | |
asterisk | asterisk | 1.6.0.18 | |
asterisk | asterisk | 1.6.0.18-rc1 | |
asterisk | asterisk | 1.6.0.18-rc2 | |
asterisk | asterisk | 1.6.0.18-rc3 | |
asterisk | asterisk | 1.6.0.19 | |
asterisk | asterisk | 1.6.0.20 | |
asterisk | asterisk | 1.6.0.20-rc1 | |
asterisk | asterisk | 1.6.0.21 | |
asterisk | asterisk | 1.6.0.21-rc1 | |
asterisk | asterisk | 1.6.1.0 | |
asterisk | asterisk | 1.6.1.1 | |
asterisk | asterisk | 1.6.1.2 | |
asterisk | asterisk | 1.6.1.4 | |
asterisk | asterisk | 1.6.1.5 | |
asterisk | asterisk | 1.6.1.6 | |
asterisk | asterisk | 1.6.1.7-rc1 | |
asterisk | asterisk | 1.6.1.7-rc2 | |
asterisk | asterisk | 1.6.1.8 | |
asterisk | asterisk | 1.6.1.9 | |
asterisk | asterisk | 1.6.1.10 | |
asterisk | asterisk | 1.6.1.10-rc1 | |
asterisk | asterisk | 1.6.1.10-rc2 | |
asterisk | asterisk | 1.6.1.10-rc3 | |
asterisk | asterisk | 1.6.1.11 | |
asterisk | asterisk | 1.6.1.12 | |
asterisk | asterisk | 1.6.1.12-rc1 | |
asterisk | asterisk | 1.6.1.13 | |
asterisk | asterisk | 1.6.1.13-rc1 | |
asterisk | asterisk | 1.6.2.1 | |
asterisk | asterisk | 1.6.2.1-rc1 | |
asterisk | asterisk | 1.6.10-rc1 | |
asterisk | asterisk | 1.6.10-rc2 | |
asterisk | asterisk | c.3.1.0 | |
asterisk | asterisk | c.3.1.1 | |
asterisk | asterisk | c.3.2.2 | |
asterisk | asterisk | c.3.3.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E1EFFF2-1982-47F8-AD13-F092EEAA6CDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8F6B7EB6-7C40-4F9A-8740-C3047260F585", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E5A2517-8ACA-43B9-B40F-2178E1E6FB2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B7CA5945-22BD-4C0B-B572-E8A4F97B0072", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "610ACBCE-07B7-4A6F-9D3F-F4BA787DC873", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "EC87EDE8-E27F-4423-A816-C68FD6E43217", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F465A7B8-599B-4DD6-91C3-AC532FC58C07", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "683AE289-8941-4CB5-8F5D-AB004E2368E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "945F6B76-2970-4846-8480-1BB5CC6AAED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "43A01317-A0CB-4469-AB2A-810AD3F0ACF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "C346B14C-D023-4080-B283-0AFB7AE2707D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "88C2A2C9-18CD-4B6E-A9ED-30E26E44421D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "F1D797FD-9180-427B-B1D3-2137AA2A019A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.6.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "5135FC8A-84CD-4020-A296-907725D2A7B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.16-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "80497A77-FC5D-4F01-9809-9E4C08D7CD7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.16-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "9FA1B6A5-5E17-414B-B83D-08A5012A57F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "57645851-EC85-44AE-BC8A-A1640D5012B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "653E068C-4F8F-43EB-849A-A9FCD16000F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.18-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "F167788D-4366-4606-8F6C-2DD0AE345288", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.18-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "1E2D5A01-DDEA-40EB-ADAA-A92073746E0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.18-rc3:*:*:*:*:*:*:*", "matchCriteriaId": "08A4B790-EDC4-40B9-AFC3-C647E49A2E42", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "58ACA45B-F10E-4D45-91C5-2C46BE11772E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "0F9676FE-3750-453E-9804-973072E04BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.20-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "05F8B5EE-3664-4F43-B6FD-92856067266F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "97AB2998-5654-4D74-95D3-C26B04C77FE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.0.21-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "93F366A3-F3C6-4B66-B987-DDB1E2AFA6D6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "94C2F7A6-388A-4C17-ABC3-8AA78EB9E21C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CCE62F1-803B-43AF-B367-26CEE18F22C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A3A90DF9-FFC8-4724-85E2-1873C1945E1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "6BE3AE1B-E9A1-4318-AE88-EA47643A9845", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "53397CB5-77A4-423B-8094-DD9AAF14937A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D3BDAEC9-5A52-4C8A-A746-659779EEC71B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.7-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "13B84311-DF6D-44F7-9A14-4B754EE293B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.7-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "EAA69EC7-9F9E-4BD3-ABFF-9D6E9B38FC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "682C07DA-7537-4F68-9DF8-2E4615016B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FD6C99-63D8-4B05-A2F1-8A30E96DFFBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "E546955D-5107-4F4A-884C-1A0A1C26DCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.10-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "384FD027-C085-4FDC-89B0-45496A876FFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.10-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "A70428E6-3220-4983-86AD-EEAB32AE3049", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.6.1.10-rc3:*:*:*:*:*:*:*", "matchCriteriaId": "90378BB8-7817-4192-93BA-53BD12A44E80", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "72A748AF-36B1-47DC-9132-DD44D5014E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "99D4CF13-83F5-40CE-BF8A-C37582F72108", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.12-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "26EA652F-F045-4872-A916-6145C7A6AC94", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "4CDC89DD-96B1-458B-B8D6-958D8D42EF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.1.13-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "DA85B103-1763-4BE8-A8F2-D1AA1A79437B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "52F43F8F-BD5D-45EF-94D4-1405F2ACB31E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.2.1-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "EC00ABF5-D79B-41CA-9451-5C5FB215BF80", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.10-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4C9455CE-C01B-4C25-B8FB-B6BF46E6162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6.10-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "C1A8B75E-9299-40B6-925A-E0B11B358025", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.3.1.0:*:business:*:*:*:*:*", "matchCriteriaId": "E6B4EC4D-957C-4A93-B65C-10114845A226", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.3.1.1:*:business:*:*:*:*:*", "matchCriteriaId": "119C7D71-C02A-494D-8567-3BFC8BB84494", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.3.2.2:*:business:*:*:*:*:*", "matchCriteriaId": "0FF85A31-73C4-45E7-B42A-E653F6420F0F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:c.3.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "13B34567-05CD-4111-B28B-1AAA3B454635", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number." }, { "lang": "es", "value": "Asterisk Open Source v1.6.0.x anterior v1.6.0.22, v1.6.1.x anterior v1.6.1.14, y v1.6.2.x anterior v1.6.2.2, y Business Edition vC.3 anterior vC.3.3.2, permite a atacantes remotos causar una denegaci\u00f3n de demonio (ca\u00edda de demonio) a trav\u00e9s de una negociaci\u00f3n SIP T.38 con un campo SDP FaxMaxDatagram que (1) perdido, (2) modificado para contener un n\u00famero negativo o (3) modificado para contener un n\u00famero largo." 
} ], "id": "CVE-2010-0441", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-04T20:15:24.030", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff" }, { "source": "cve@mitre.org", "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff" }, { "source": "cve@mitre.org", "url": "http://downloads.asterisk.org/pub/security/AST-2010-001.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38395" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/39096" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023532" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509327/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/38047" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0289" }, { "source": "cve@mitre.org", "url": "https://issues.asterisk.org/view.php?id=16517" }, { "source": "cve@mitre.org", "url": 
"https://issues.asterisk.org/view.php?id=16634" }, { "source": "cve@mitre.org", "url": "https://issues.asterisk.org/view.php?id=16724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://downloads.asterisk.org/pub/security/AST-2010-001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38395" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/509327/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.asterisk.org/view.php?id=16517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.asterisk.org/view.php?id=16634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.asterisk.org/view.php?id=16724" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-4455)
Published
2007-08-22 01:17
Modified
2025-04-09 00:30
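Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; source nvd@nist.gov, from the record below)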
Summary
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://downloads.digium.com/pub/asa/AST-2007-020.html | ||
cve@mitre.org | http://seclists.org/fulldisclosure/2007/Aug/0393.html | ||
cve@mitre.org | http://secunia.com/advisories/26553 | ||
cve@mitre.org | http://securityreason.com/securityalert/3047 | ||
cve@mitre.org | http://www.securityfocus.com/bid/25392 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018595 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2953 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/36145 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/asa/AST-2007-020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2007/Aug/0393.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26553 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3047 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25392 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018595 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2953 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/36145 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | * (up to and including 1.4.9) | |
asterisk | asterisk_appliance_developer_kit | * (up to and including 0.7) | |
asterisk | asterisknow | * (up to and including beta_6) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "28786BB7-9F94-4193-81FC-83B836B9B530", "versionEndIncluding": "1.4.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8C03D5E-5EBE-42C9-BA54-10F1ED76D61C", "versionEndIncluding": "0.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*", "matchCriteriaId": "C896A32E-906D-4AD0-A00B-11DC064CBA6E", "versionEndIncluding": "beta_6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created." }, { "lang": "es", "value": "El controlador de canal SIP (chan_sip) en Asterisk Open Source 1.4.x anterior a 1.4.11, AsteriskNOW anterior a beta7, Asterisk Appliance Developer Kit 0.x anterior a 0.8.0, y s800i (Asterisk Appliance) 1.x anterior a 1.0.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de memoria) mediante un di\u00e1logo SIP que provoca que se cree un gran n\u00famero de entradas de hist\u00f3rico." 
} ], "id": "CVE-2007-4455", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-22T01:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://downloads.digium.com/pub/asa/AST-2007-020.html" }, { "source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26553" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3047" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25392" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018595" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2953" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://downloads.digium.com/pub/asa/AST-2007-020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25392" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-3263)
Published
2008-07-22 23:41
Modified
2025-04-09 00:30
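Severity: HIGH (CVSS v2.0 base score 7.8, vector AV:N/AC:L/Au:N/C:N/I:N/A:C; source nvd@nist.gov, from the record below)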
Summary
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://downloads.digium.com/pub/security/AST-2008-010.html | ||
cve@mitre.org | http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl | Exploit | |
cve@mitre.org | http://secunia.com/advisories/31178 | ||
cve@mitre.org | http://secunia.com/advisories/31194 | ||
cve@mitre.org | http://secunia.com/advisories/34982 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200905-01.xml | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/494675/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/30321 | Exploit | |
cve@mitre.org | http://www.securitytracker.com/id?1020535 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2168/references | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/43942 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2008-010.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31178 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31194 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34982 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200905-01.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/494675/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30321 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020535 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2168/references | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/43942 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 0.1.0 | |
asterisk | asterisk | 0.1.1 | |
asterisk | asterisk | 0.1.2 | |
asterisk | asterisk | 0.1.3 | |
asterisk | asterisk | 0.1.4 | |
asterisk | asterisk | 0.1.5 | |
asterisk | asterisk | 0.1.6 | |
asterisk | asterisk | 0.1.7 | |
asterisk | asterisk | 0.1.8 | |
asterisk | asterisk | 0.1.9 | |
asterisk | asterisk | 0.1.9_1 | |
asterisk | asterisk | 0.1.10 | |
asterisk | asterisk | 0.1.11 | |
asterisk | asterisk | 0.1.12 | |
asterisk | asterisk | 0.2 | |
asterisk | asterisk | 0.3 | |
asterisk | asterisk | 0.4 | |
asterisk | asterisk | 0.5.0 | |
asterisk | asterisk | 0.7.0 | |
asterisk | asterisk | 0.7.1 | |
asterisk | asterisk | 0.7.2 | |
asterisk | asterisk | 0.9.0 | |
asterisk | asterisk | 1.0 | |
asterisk | asterisk | 1.0 (update rc1) | |
asterisk | asterisk | 1.0.1 | |
asterisk | asterisk | 1.0.2 | |
asterisk | asterisk | 1.0.3 | |
asterisk | asterisk | 1.0.4 | |
asterisk | asterisk | 1.0.5 | |
asterisk | asterisk | 1.0.6 | |
asterisk | asterisk | 1.0.7 | |
asterisk | asterisk | 1.0.8 | |
asterisk | asterisk | 1.0.9 | |
asterisk | asterisk | 1.0.10 | |
asterisk | asterisk | 1.0.11 | |
asterisk | asterisk | 1.0.11.1 | |
asterisk | asterisk | 1.0.12 | |
asterisk | asterisk | 1.2.0_beta1 | |
asterisk | asterisk | 1.2.0_beta2 | |
asterisk | asterisk | 1.2.1 | |
asterisk | asterisk | 1.2.2 | |
asterisk | asterisk | 1.2.3 | |
asterisk | asterisk | 1.2.4 | |
asterisk | asterisk | 1.2.5 | |
asterisk | asterisk | 1.2.6 | |
asterisk | asterisk | 1.2.7 | |
asterisk | asterisk | 1.2.7.1 | |
asterisk | asterisk | 1.2.8 | |
asterisk | asterisk | 1.2.9 | |
asterisk | asterisk | 1.2.9.1 | |
asterisk | asterisk | 1.2.10 | |
asterisk | asterisk | 1.2.11 | |
asterisk | asterisk | 1.2.12 | |
asterisk | asterisk | 1.2.13 | |
asterisk | asterisk | 1.2.14 | |
asterisk | asterisk | 1.2.15 | |
asterisk | asterisk | 1.2.16 | |
asterisk | asterisk | 1.2.17 | |
asterisk | asterisk | 1.2.18 | |
asterisk | asterisk | 1.2.19 | |
asterisk | asterisk | 1.2.20 | |
asterisk | asterisk | 1.2.21 | |
asterisk | asterisk | 1.2.22 | |
asterisk | asterisk | 1.2.23 | |
asterisk | asterisk | 1.2.24 | |
asterisk | asterisk | 1.2.25 | |
asterisk | asterisk | 1.2.26 | |
asterisk | asterisk | 1.2.26.1 | |
asterisk | asterisk | 1.2.26.2 | |
asterisk | asterisk | 1.2.27 | |
asterisk | asterisk | 1.2.28 | |
asterisk | asterisk | 1.2.28.1 | |
asterisk | asterisk | 1.2.29 | |
asterisk | asterisk | 1.2.30 | |
asterisk | asterisk | 1.4.1 | |
asterisk | asterisk | 1.4.2 | |
asterisk | asterisk | 1.4.3 | |
asterisk | asterisk | 1.4.4 | |
asterisk | asterisk | 1.4.4_2007-04-27 | |
asterisk | asterisk | 1.4.5 | |
asterisk | asterisk | 1.4.6 | |
asterisk | asterisk | 1.4.7 | |
asterisk | asterisk | 1.4.8 | |
asterisk | asterisk | 1.4.9 | |
asterisk | asterisk | 1.4.10 | |
asterisk | asterisk | 1.4.11 | |
asterisk | asterisk | 1.4.12 | |
asterisk | asterisk | 1.4.13 | |
asterisk | asterisk | 1.4.14 | |
asterisk | asterisk | 1.4.15 | |
asterisk | asterisk | 1.4.16 | |
asterisk | asterisk | 1.4.16.1 | |
asterisk | asterisk | 1.4.16.2 | |
asterisk | asterisk | 1.4.17 | |
asterisk | asterisk | 1.4.18 | |
asterisk | asterisk | 1.4.18.1 | |
asterisk | asterisk | 1.4.19 | |
asterisk | asterisk | 1.4_beta | |
asterisk | asterisk | 1.4_revision_95946 | |
asterisk | asterisk | 1.6 | |
asterisk | asterisk | a | |
asterisk | asterisk | a (business edition) | |
asterisk | asterisk | b.1.3.2 | |
asterisk | asterisk | b.1.3.2 (business edition) | |
asterisk | asterisk | b.1.3.3 | |
asterisk | asterisk | b.1.3.3 (business edition) | |
asterisk | asterisk | b.2.2.0 | |
asterisk | asterisk | b.2.2.0 (business edition) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF8EBD08-B640-42E7-BEDB-E7A279043AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCEB7358-12E8-4E8C-987E-14493BED32BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A6460CC-1A31-4776-890A-FA3120A85C97", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9F9B2C53-C767-434C-8A16-356FE39DC3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "81DF3AD9-E2B7-4D65-A7FB-587D97AF418A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C7AC1ACB-A7A4-41C9-B85B-4FA48AA845C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "22521061-EFFB-4EC2-BA8F-D6D55E43CCB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "74257EDA-40C0-4762-8184-1526B5682326", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "FAF09DF6-3E23-4139-92A2-DC44D2A2CF89", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "3003B53D-F21C-4D37-903D-D6F51EF6E63E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.9_1:*:*:*:*:*:*:*", "matchCriteriaId": "BF3E676F-0559-4135-8B01-27A808363F21", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "93F75E29-3952-4E28-A17C-2EC87203F4F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "3B67F4F2-CDB9-46C1-AE4C-3E183E54693A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:0.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D61CF0C0-5118-4CBC-BD78-BCF55569C167", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B4D46FC-06D3-4022-B971-0BA11868486B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B5C3C518-8427-40F1-832C-31D414DB9A80", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "77038CD8-F21A-4372-8D23-1A2563865334", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E29B048-41E8-4301-8863-BE73C4AEE178", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B60E0BAB-6D6E-48DB-92A9-62769E25C024", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB40890B-5C7C-4BDD-8579-80C75C259570", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "323CDA8E-FBB4-455F-BC72-A3588FE0014B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "09BDB6F9-A258-4537-BEFB-BB18A38B1071", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0973E099-B757-4845-9A4C-E2DAD3C3336C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "02A94415-B792-4CA4-A271-F04D6B8A793E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "358D057C-1C78-43C6-9DB8-3CC8FF2AAEA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E76012FA-1BD9-4A0D-830A-88B5A319C794", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "79244AE5-FD84-42B5-A56B-18293B999423", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BF25D879-9A00-48D2-93F8-BE692DE76E38", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC2FFDF-1E94-4E1F-BABC-8B53D8B986F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "16B00825-6346-4A1E-A04C-714A8EDB043A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC3E1877-27E0-4DB1-BFB1-E70043125724", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E55B3B9A-4D40-470F-ABBD-1D9105EB01F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8BD1092A-B278-4606-A328-3BC38CF535CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A9A87BEC-8F36-48CB-83CA-7E69B16629E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B89DF1E-8BF7-4907-83BF-B4A1DFFEBC92", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"A5F82331-A7C1-4166-AE45-A83BD7FC3D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "A39F4E4E-B3B0-47AE-A36D-823E74C0FCCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "C7381C3C-50A0-41FB-804C-C0D57B7173C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "0D6D1FA9-D83A-4399-86DB-F844F24771B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "D2EAE6FD-5A1A-4596-9E01-B6AE9C8ABE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "69B207B9-A4F4-4A3A-B6AD-C3470A7FA226", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "65C8D404-EF04-440E-A134-5A94AEB30DD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "A10E0435-D6A4-405A-A855-F755F1A850A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "218B3095-4CC2-4CC3-9ED6-98293DC27FD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "5AB9EE91-2388-4FAF-B79F-04025879EFB4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.2.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "1EA10487-E9DC-4017-BCDF-7D1CC3C84C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "D9FD0788-C8E7-406B-9CA2-72341F71771E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "A678E060-6274-40B6-94BD-84C598689694", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "3B0F95F5-AFA0-4F75-904F-E9B501FA1FBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A3722B7-722B-4EE2-BE30-A00B530768F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "49641F43-FB6C-422A-9482-59B242BAA889", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "9ED92AF3-3C13-4206-BC76-E6B9368C599A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "84CB8C4A-F001-4DD7-8DFE-CB082B4BB969", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "96DB0240-E93D-4BDB-859B-B44C91996993", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*", "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F4BA849-E092-404A-92CD-44C2D99AE971", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"2C7014B4-1860-49AD-9469-9954C3CC01C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "3D1F0056-0945-476C-982E-7B41EB420A99", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "A53DEC9D-B288-42CD-9387-57315AC98D72", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "89C1F33F-27B6-4C56-92FF-EB2861ABBC22", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "64E07CF3-073D-4705-96A6-13367D4F5CAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "18D19CB0-E3D7-40DB-B0C0-B62BB6075267", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "77FB7CC1-BD0D-4F34-AB21-59CFD23C494C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "997FA3C7-1894-478A-ABF1-52DD2B0487E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "96E02BE0-BF4A-46C9-AFB5-47E8F18E3D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "292190EE-D9C8-4E3A-BB34-0ECD7B865482", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "7DAC55F9-1D43-4AA8-87C9-DB165442700B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "219760EE-AA86-4423-890D-1BD5D9D3ACEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "613B69C5-4330-46E0-B6DF-322C5BC6D5A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "195B012E-0538-4140-9035-F5D1A442778B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "FA65023F-965D-4FA3-A1AB-DB4A7E9D05A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "78AC03A7-41AB-45AF-AD89-291A7429B8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "A9FE3CC7-74FB-4401-A0D3-924D6A45EB74", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_revision_95946:*:*:*:*:*:*:*", "matchCriteriaId": "DB08F4FA-8600-4D21-A565-B3BF636634B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "FEAE6729-D79A-49B8-9758-BA74A60A238A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:*:*:*:*:*:*", "matchCriteriaId": "9E5B291D-25D6-4629-954C-99722F8B9918", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*", "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "27DA769B-8D20-47EC-95A1-F616243A7BA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*", "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3736EFBD-357A-4E9A-8865-7F27FA7052E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "05515185-52F6-4A69-A32C-BC2F89E4CFFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*", 
"matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests." }, { "lang": "es", "value": "La implementaci\u00f3n del protocolo IAX2 en Asterisk Open Source versiones 1.0.x, versiones 1.2.x anteriores a 1.2.30 y versiones 1.4.x anteriores a 1.4.21.2; Business Edition versiones A.x.x, versiones B.x.x anteriores a B.2.5.4 y versiones C.x.x anteriores a C.1.10.3; AsteriskNOW; Appliance Developer Kit versiones 0.x.x; y s800i versiones 1.0.x anteriores a 1.2.0.1, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento del n\u00famero de llamadas y consumo de CPU) mediante el env\u00edo r\u00e1pido de un gran n\u00famero de peticiones POKE de IAX2 (IAX)." 
} ], "id": "CVE-2008-3263", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-07-22T23:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://downloads.digium.com/pub/security/AST-2008-010.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31178" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31194" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34982" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/494675/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/30321" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020535" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2168/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43942" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://downloads.digium.com/pub/security/AST-2008-010.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/494675/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/30321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2168/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2007-3763
Published
2007-07-18 17:30
Modified
2025-04-09 00:30
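Severity
MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary metric from the record below)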
Summary
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=185713 | ||
cve@mitre.org | http://ftp.digium.com/pub/asa/ASA-2007-015.pdf | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/26099 | ||
cve@mitre.org | http://secunia.com/advisories/29051 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200802-11.xml | ||
cve@mitre.org | http://www.debian.org/security/2007/dsa-1358 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/24950 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018407 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2563 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=185713 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asa/ASA-2007-015.pdf | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26099 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29051 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200802-11.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24950 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018407 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2563 |
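Impacted products
Note: these rows are the enumerated NVD CPE entries. The highest releases listed are 1.2.17 and 1.4.4_2007-04-27, short of the fixed releases 1.2.22 and 1.4.8 named in the summary, so scope exposure by the summary's version ranges rather than by this list alone.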
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 1.0 | |
asterisk | asterisk | 1.0.6 | |
asterisk | asterisk | 1.0.7 | |
asterisk | asterisk | 1.0.8 | |
asterisk | asterisk | 1.0.9 | |
asterisk | asterisk | 1.0.10 | |
asterisk | asterisk | 1.0.11 | |
asterisk | asterisk | 1.0.12 | |
asterisk | asterisk | 1.2.0_beta1 | |
asterisk | asterisk | 1.2.0_beta2 | |
asterisk | asterisk | 1.2.5 | |
asterisk | asterisk | 1.2.6 | |
asterisk | asterisk | 1.2.7 | |
asterisk | asterisk | 1.2.8 | |
asterisk | asterisk | 1.2.9 | |
asterisk | asterisk | 1.2.10 | |
asterisk | asterisk | 1.2.11 | |
asterisk | asterisk | 1.2.12 | |
asterisk | asterisk | 1.2.13 | |
asterisk | asterisk | 1.2.14 | |
asterisk | asterisk | 1.2.15 | |
asterisk | asterisk | 1.2.16 | |
asterisk | asterisk | 1.2.17 | |
asterisk | asterisk | 1.4.1 | |
asterisk | asterisk | 1.4.2 | |
asterisk | asterisk | 1.4.4_2007-04-27 | |
asterisk | asterisk | 1.4_beta | |
asterisk | asterisk | a | |
asterisk | asterisk | b.1.3.2 | |
asterisk | asterisk | b.1.3.3 | |
asterisk | asterisk | b.2.2.0 | |
asterisk | asterisk_appliance_developer_kit | * | |
asterisk | asterisknow | beta_5 | |
asterisk | asterisknow | beta_6 | |
asterisk | s800i_appliance | 1.0 | |
asterisk | s800i_appliance | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*", "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": 
"181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*", "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*", "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*", "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C150564-406F-4B49-AEF8-0F2887738E4D", "versionEndIncluding": "0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F", "vulnerable": true }, { "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of 
IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable." }, { "lang": "es", "value": "El gestor de dispositivo de canal IAX2 (chan_iax2) en Asterisk versiones anteriores a 1.2.22 y 1.4.x versiones anteriores a 1.4.8, Business Edition versiones anteriores a B.2.2.1, AsteriskNOW versiones anteriores a beta7, Appliance Developer Kit versiones anteriores a 0.5.0, y s800i versiones anteriores a 1.0.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante tramas (1) LAGRQ \u00f3 (2) LAGRP que contienen elementos de informaci\u00f3n de tramas IAX, que resulta en una referencia a puntero NULL cuando Asterisk no asigna apropiadamente una variable asociado." } ], "id": "CVE-2007-3763", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-18T17:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26099" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29051" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1358" 
}, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24950" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018407" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2563" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2007-3765
Published
2007-07-18 17:30
Modified
2025-04-09 00:30
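Severity
MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary metric from the record below)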
Summary
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ftp.digium.com/pub/asa/ASA-2007-017.pdf | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/26099 | ||
cve@mitre.org | http://www.securityfocus.com/bid/24950 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018407 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2563 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35480 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asa/ASA-2007-017.pdf | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26099 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24950 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018407 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2563 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35480 |
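Impacted products
Note: these rows are the enumerated NVD CPE entries. They include Asterisk 1.0.x and 1.2.x releases although the summary names only 1.4.x before 1.4.8, so confirm the affected branches against the vendor advisory ASA-2007-017 listed in the references.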
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 1.0 | |
asterisk | asterisk | 1.0.6 | |
asterisk | asterisk | 1.0.7 | |
asterisk | asterisk | 1.0.8 | |
asterisk | asterisk | 1.0.9 | |
asterisk | asterisk | 1.0.10 | |
asterisk | asterisk | 1.0.11 | |
asterisk | asterisk | 1.0.12 | |
asterisk | asterisk | 1.2.0_beta1 | |
asterisk | asterisk | 1.2.0_beta2 | |
asterisk | asterisk | 1.2.5 | |
asterisk | asterisk | 1.2.6 | |
asterisk | asterisk | 1.2.7 | |
asterisk | asterisk | 1.2.8 | |
asterisk | asterisk | 1.2.9 | |
asterisk | asterisk | 1.2.10 | |
asterisk | asterisk | 1.2.11 | |
asterisk | asterisk | 1.2.12 | |
asterisk | asterisk | 1.2.13 | |
asterisk | asterisk | 1.2.14 | |
asterisk | asterisk | 1.2.15 | |
asterisk | asterisk | 1.2.16 | |
asterisk | asterisk | 1.2.17 | |
asterisk | asterisk | 1.4.1 | |
asterisk | asterisk | 1.4.2 | |
asterisk | asterisk | 1.4.4_2007-04-27 | |
asterisk | asterisk | 1.4_beta | |
asterisk | asterisk | a | |
asterisk | asterisk | b.1.3.2 | |
asterisk | asterisk | b.1.3.3 | |
asterisk | asterisk | b.2.2.0 | |
asterisk | asterisk_appliance_developer_kit | * | |
asterisk | asterisknow | beta_5 | |
asterisk | asterisknow | beta_6 | |
asterisk | s800i_appliance | 1.0 | |
asterisk | s800i_appliance | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*", "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": 
"181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*", "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*", "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*", "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C150564-406F-4B49-AEF8-0F2887738E4D", "versionEndIncluding": "0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F", "vulnerable": true }, { "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port." 
}, { "lang": "es", "value": "La implementaci\u00f3n STUN en Asterisk 1.4.x anterior a 1.4.8, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de una longitud de atributo manipulado STUN en un paquete STUN enviado a un puerto RTP." } ], "id": "CVE-2007-3765", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-18T17:30:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26099" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24950" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018407" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24950" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2007-2297
Published
2007-04-26 20:19
Modified
2025-04-09 00:30
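Severity
HIGH (CVSS v2.0 base score 7.8, vector AV:N/AC:L/Au:N/C:N/I:N/A:C; NVD primary metric from the record below)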
Summary
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.digium.com/view.php?id=9313 | ||
cve@mitre.org | http://secunia.com/advisories/25582 | ||
cve@mitre.org | http://securityreason.com/securityalert/2644 | ||
cve@mitre.org | http://www.asterisk.org/files/ASA-2007-011.pdf | ||
cve@mitre.org | http://www.debian.org/security/2007/dsa-1358 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/466882/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/24359 | ||
cve@mitre.org | http://www.securitytracker.com/id?1017954 | Patch | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33892 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.digium.com/view.php?id=9313 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25582 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2644 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/files/ASA-2007-011.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/466882/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24359 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017954 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33892 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 1.2.0_beta1 | |
asterisk | asterisk | 1.2.0_beta2 | |
asterisk | asterisk | 1.2.10 | |
asterisk | asterisk | 1.2.11 | |
asterisk | asterisk | 1.2.12 | |
asterisk | asterisk | 1.2.13 | |
asterisk | asterisk | 1.2.14 | |
asterisk | asterisk | 1.2.15 | |
asterisk | asterisk | 1.2.16 | |
asterisk | asterisk | 1.2.17 | |
asterisk | asterisk | 1.4.1 | |
asterisk | asterisk | 1.4.2 | |
asterisk | asterisk | 1.4_beta |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash)." }, { "lang": "es", "value": "El SIP channel driver (chan_sip) del Asterisk anterior al 1.2.18 y el 1.4.x anterior al 1.4.3 no analiza sint\u00e1cticamente de forma correcta los paquetes SIP UDP que no contienen un c\u00f3digo de respuesta v\u00e1lido, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda)." } ], "id": "CVE-2007-2297", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-26T20:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.digium.com/view.php?id=9313" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25582" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2644" }, { "source": "cve@mitre.org", "url": "http://www.asterisk.org/files/ASA-2007-011.pdf" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/466882/100/0/threaded" }, { 
"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24359" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securitytracker.com/id?1017954" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.digium.com/view.php?id=9313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.asterisk.org/files/ASA-2007-011.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/466882/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securitytracker.com/id?1017954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33892" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-08 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2009-006.html | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/36593 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1022819 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/506257/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/36275 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2009-006.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36593 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1022819 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/506257/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36275 |
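Impacted products
Rows that repeat the same vendor, product and version correspond to distinct CPE entries in the JSON record below; those entries differ in the CPE update field (for example beta1, rc1 or netsec), which this table does not show.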
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | b.1.3.2 | |
asterisk | asterisk | b.1.3.3 | |
asterisk | asterisk | b.2.2.0 | |
asterisk | asterisk | b.2.2.1 | |
asterisk | asterisk | b.2.3.1 | |
asterisk | asterisk | b.2.3.2 | |
asterisk | asterisk | b.2.3.3 | |
asterisk | asterisk | b.2.3.4 | |
asterisk | asterisk | b.2.3.5 | |
asterisk | asterisk | b.2.3.6 | |
asterisk | asterisk | b.2.5.1 | |
asterisk | asterisk | b.2.5.3 | |
asterisk | asterisk | b.2.5.4 | |
asterisk | asterisk | b.2.5.5 | |
asterisk | asterisk | b.2.5.6 | |
asterisk | asterisk | b.2.5.8 | |
asterisk | asterisk | b.2.5.9 | |
asterisk | asterisk | c.1.0_beta7 | |
asterisk | asterisk | c.1.0_beta8 | |
asterisk | asterisk | c.1.6 | |
asterisk | asterisk | c.1.6.1 | |
asterisk | asterisk | c.1.6.2 | |
asterisk | asterisk | c.1.8.1 | |
asterisk | asterisk | c.1.10.3 | |
asterisk | asterisk | c.1.10.4 | |
asterisk | asterisk | c.1.10.5 | |
asterisk | asterisk | c.2.1.2.1 | |
asterisk | asterisk | c.2.3 | |
asterisk | asterisk | c.2.3.3 | |
asterisk | asterisk | c.2.4.2 | |
asterisk | asterisk | c.3.1.0 | |
asterisk | open_source | 1.2.0 | |
asterisk | open_source | 1.2.0 | |
asterisk | open_source | 1.2.0 | |
asterisk | open_source | 1.2.0 | |
asterisk | open_source | 1.2.0 | |
asterisk | open_source | 1.2.1 | |
asterisk | open_source | 1.2.2 | |
asterisk | open_source | 1.2.2 | |
asterisk | open_source | 1.2.3 | |
asterisk | open_source | 1.2.3 | |
asterisk | open_source | 1.2.4 | |
asterisk | open_source | 1.2.4 | |
asterisk | open_source | 1.2.5 | |
asterisk | open_source | 1.2.5 | |
asterisk | open_source | 1.2.6 | |
asterisk | open_source | 1.2.6 | |
asterisk | open_source | 1.2.7 | |
asterisk | open_source | 1.2.7 | |
asterisk | open_source | 1.2.7.1 | |
asterisk | open_source | 1.2.7.1 | |
asterisk | open_source | 1.2.8 | |
asterisk | open_source | 1.2.8 | |
asterisk | open_source | 1.2.9 | |
asterisk | open_source | 1.2.9.1 | |
asterisk | open_source | 1.2.9.1 | |
asterisk | open_source | 1.2.10 | |
asterisk | open_source | 1.2.10 | |
asterisk | open_source | 1.2.11 | |
asterisk | open_source | 1.2.11 | |
asterisk | open_source | 1.2.12 | |
asterisk | open_source | 1.2.12 | |
asterisk | open_source | 1.2.12.1 | |
asterisk | open_source | 1.2.12.1 | |
asterisk | open_source | 1.2.13 | |
asterisk | open_source | 1.2.13 | |
asterisk | open_source | 1.2.14 | |
asterisk | open_source | 1.2.14 | |
asterisk | open_source | 1.2.15 | |
asterisk | open_source | 1.2.15 | |
asterisk | open_source | 1.2.16 | |
asterisk | open_source | 1.2.16 | |
asterisk | open_source | 1.2.17 | |
asterisk | open_source | 1.2.17 | |
asterisk | open_source | 1.2.18 | |
asterisk | open_source | 1.2.18 | |
asterisk | open_source | 1.2.19 | |
asterisk | open_source | 1.2.19 | |
asterisk | open_source | 1.2.20 | |
asterisk | open_source | 1.2.20 | |
asterisk | open_source | 1.2.21 | |
asterisk | open_source | 1.2.21 | |
asterisk | open_source | 1.2.21.1 | |
asterisk | open_source | 1.2.21.1 | |
asterisk | open_source | 1.2.22 | |
asterisk | open_source | 1.2.22 | |
asterisk | open_source | 1.2.23 | |
asterisk | open_source | 1.2.23 | |
asterisk | open_source | 1.2.24 | |
asterisk | open_source | 1.2.24 | |
asterisk | open_source | 1.2.25 | |
asterisk | open_source | 1.2.25 | |
asterisk | open_source | 1.2.26 | |
asterisk | open_source | 1.2.26 | |
asterisk | open_source | 1.2.26.1 | |
asterisk | open_source | 1.2.26.1 | |
asterisk | open_source | 1.2.26.2 | |
asterisk | open_source | 1.2.26.2 | |
asterisk | open_source | 1.2.27 | |
asterisk | open_source | 1.2.28 | |
asterisk | open_source | 1.2.29 | |
asterisk | open_source | 1.2.30 | |
asterisk | open_source | 1.2.30.2 | |
asterisk | open_source | 1.2.30.3 | |
asterisk | open_source | 1.2.30.4 | |
asterisk | open_source | 1.2.31 | |
asterisk | open_source | 1.2.32 | |
asterisk | open_source | 1.2.33 | |
asterisk | open_source | 1.2.34 | |
asterisk | open_source | 1.4.0 | |
asterisk | open_source | 1.4.0 | |
asterisk | open_source | 1.4.0 | |
asterisk | open_source | 1.4.0 | |
asterisk | open_source | 1.4.1 | |
asterisk | open_source | 1.4.2 | |
asterisk | open_source | 1.4.3 | |
asterisk | open_source | 1.4.4 | |
asterisk | open_source | 1.4.5 | |
asterisk | open_source | 1.4.6 | |
asterisk | open_source | 1.4.7 | |
asterisk | open_source | 1.4.7.1 | |
asterisk | open_source | 1.4.8 | |
asterisk | open_source | 1.4.9 | |
asterisk | open_source | 1.4.10 | |
asterisk | open_source | 1.4.10.1 | |
asterisk | open_source | 1.4.11 | |
asterisk | open_source | 1.4.12 | |
asterisk | open_source | 1.4.12.1 | |
asterisk | open_source | 1.4.13 | |
asterisk | open_source | 1.4.14 | |
asterisk | open_source | 1.4.15 | |
asterisk | open_source | 1.4.16 | |
asterisk | open_source | 1.4.16.1 | |
asterisk | open_source | 1.4.16.2 | |
asterisk | open_source | 1.4.17 | |
asterisk | open_source | 1.4.18 | |
asterisk | open_source | 1.4.18.1 | |
asterisk | open_source | 1.4.19 | |
asterisk | open_source | 1.4.19 | |
asterisk | open_source | 1.4.19 | |
asterisk | open_source | 1.4.19 | |
asterisk | open_source | 1.4.19 | |
asterisk | open_source | 1.4.19 | |
asterisk | open_source | 1.4.19.1 | |
asterisk | open_source | 1.4.19.2 | |
asterisk | open_source | 1.4.20 | |
asterisk | open_source | 1.4.20 | |
asterisk | open_source | 1.4.20 | |
asterisk | open_source | 1.4.20 | |
asterisk | open_source | 1.4.21 | |
asterisk | open_source | 1.4.21 | |
asterisk | open_source | 1.4.21 | |
asterisk | open_source | 1.4.21.1 | |
asterisk | open_source | 1.4.21.2 | |
asterisk | open_source | 1.4.22 | |
asterisk | open_source | 1.4.22 | |
asterisk | open_source | 1.4.22 | |
asterisk | open_source | 1.4.22.1 | |
asterisk | open_source | 1.4.22.2 | |
asterisk | open_source | 1.4.23 | |
asterisk | open_source | 1.4.23 | |
asterisk | open_source | 1.4.23 | |
asterisk | open_source | 1.4.23 | |
asterisk | open_source | 1.4beta | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0 | |
asterisk | open_source | 1.6.0.1 | |
asterisk | open_source | 1.6.0.2 | |
asterisk | open_source | 1.6.0.3 | |
asterisk | open_source | 1.6.0.3 | |
asterisk | open_source | 1.6.1.0 | |
asterisk | open_source | 1.6.1.0 | |
asterisk | open_source | 1.6.1.5 | |
asterisk | opensource | 1.4.23.2 | |
asterisk | opensource | 1.4.24 | |
asterisk | opensource | 1.4.24.1 | |
asterisk | opensource | 1.4.26 | |
asterisk | opensource | 1.4.26.1 | |
sangoma | asterisk | 1.6.1 | |
sangoma | asterisk | 1.6.1.4 | |
asterisk | appliance_s800i | 1.3 | |
asterisk | appliance_s800i | 1.3.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*", "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*", "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.1:*:business:*:*:*:*:*", "matchCriteriaId": "D81F6E55-80F1-4770-9FF0-305EEEF3C4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.1:*:business:*:*:*:*:*", "matchCriteriaId": "087DC9EC-0DF2-48AE-BB62-8DDF95C3EC56", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.2:*:business:*:*:*:*:*", "matchCriteriaId": "471032A5-5EB6-44D1-91C8-BEA42C1E205A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "6FEB3FCA-065E-4C32-A4C7-F2C79F214F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.4:*:business:*:*:*:*:*", "matchCriteriaId": "636D765F-C47B-4762-9419-D7B51FA38AEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.5:*:business:*:*:*:*:*", "matchCriteriaId": "36F29EE8-E05F-4F0A-B0FA-66C551856C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.6:*:business:*:*:*:*:*", "matchCriteriaId": "CEAA72FE-E13C-4363-AF5C-7D1CEEE2FA77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.5.1:*:business:*:*:*:*:*", "matchCriteriaId": "3BAD5B3E-80FC-4B23-BD51-41D17BFA9C71", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.5.3:*:business:*:*:*:*:*", "matchCriteriaId": "0B09EFBF-B8AD-455F-8F47-7C8F52371214", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.5.4:*:business:*:*:*:*:*", 
"matchCriteriaId": "4CF18A17-E16D-4529-9705-6E2333C89CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.5.5:*:business:*:*:*:*:*", "matchCriteriaId": "1ED6AC46-E485-4D0A-BFC1-3DEED113B9B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.5.6:*:business:*:*:*:*:*", "matchCriteriaId": "25A4B8D6-373F-442B-978A-61E53EEA9870", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.5.8:*:business:*:*:*:*:*", "matchCriteriaId": "30D7485F-109D-46B9-8E6E-52E963080BB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.5.9:*:business:*:*:*:*:*", "matchCriteriaId": "D5C22240-282C-4B10-8CAE-CC07E5784C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.0_beta7:*:business:*:*:*:*:*", "matchCriteriaId": "D0A87D63-35F5-47D7-893B-E8B179B16C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.0_beta8:*:business:*:*:*:*:*", "matchCriteriaId": "95C1809E-9031-483F-B873-160284FA71D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.6:*:business:*:*:*:*:*", "matchCriteriaId": "E35C336A-A786-476B-8B9F-E682D999B6AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.6.1:*:business:*:*:*:*:*", "matchCriteriaId": "8121721B-EBC6-44EA-86D6-7B0FF1C8FF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.6.2:*:business:*:*:*:*:*", "matchCriteriaId": "1E76B3DD-5C38-4323-9F24-9327CC4E6FE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.8.1:*:business:*:*:*:*:*", "matchCriteriaId": "EB75A0FE-9D22-4DDB-909C-C87036328499", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.10.3:*:business:*:*:*:*:*", "matchCriteriaId": "75003D80-231D-4AC4-8346-4D4E4C8643E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.10.4:*:business:*:*:*:*:*", "matchCriteriaId": "A04E037D-7F3F-4387-818D-1D618885AAF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:c.1.10.5:*:business:*:*:*:*:*", "matchCriteriaId": "2CACA83A-4D1E-458D-BA30-3C138FB848E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.2.1.2.1:*:business:*:*:*:*:*", "matchCriteriaId": "32D447AB-DAF1-4F70-8686-156C0ACDAE4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.2.3:*:business:*:*:*:*:*", "matchCriteriaId": "6A958EDA-6FB8-447B-B190-8802C9DC9D3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.2.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "30FDE355-2209-46D4-A4E9-4DF7B128014F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.2.4.2:*:business:*:*:*:*:*", "matchCriteriaId": "9CCDC56D-22F0-4617-A2FE-A23889F9C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.3.1.0:*:business:*:*:*:*:*", "matchCriteriaId": "E6B4EC4D-957C-4A93-B65C-10114845A226", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F7971E1-F136-4ADC-95EC-BC4F92E838CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "E62D108C-862D-4BDB-BE37-285AA4C9C59A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "CF1422F3-829D-498C-83A6-02989DFB70A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CBEB9D69-A404-4053-92F9-CAC3481AFF1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E816CCDB-4169-4F09-AE87-E467F4BE7685", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "27202966-2C41-4964-9497-1887D2A834C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.2.2:netsec:*:*:*:*:*:*", "matchCriteriaId": "65223182-1675-462C-AF67-4A48760A63F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:*", "matchCriteriaId": "DC7EB4CD-6436-4E0B-A620-9DF2AC8A3C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "107DA2D8-FE7C-4B70-856D-43D58B988694", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.4:netsec:*:*:*:*:*:*", "matchCriteriaId": "02D5E6DF-7C9C-479F-986B-D5C8A144ACB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "ABD71DD9-8A15-45E2-9FB3-F0544D7E1B80", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.5:netsec:*:*:*:*:*:*", "matchCriteriaId": "68AF6200-1385-449F-A00E-2BACEE16450B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C14614F-4E27-40A6-9E56-2B1DBB10330B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.6:netsec:*:*:*:*:*:*", "matchCriteriaId": "61C0769F-6739-41D2-ADD8-924AC04C5F28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7A2F2F5A-66FD-4057-917C-66332A88D83E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.7:netsec:*:*:*:*:*:*", "matchCriteriaId": "8EF13987-5767-4FED-9584-63D74B0A30A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "399B0206-B48B-46EF-8CA6-A6E5A2550B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.7.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "C57C1324-E11A-4B2B-9722-A4A63AEF0497", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "26E9760F-C0EB-47BB-8DA4-CC7815099DAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.8:netsec:*:*:*:*:*:*", "matchCriteriaId": "EE6D9718-D57D-48F6-A2B1-CECAFFCDDFB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "4C510A9A-C3E2-4AF8-9919-1A22E918CDEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BD915CD-A7D3-4305-A6C0-290C648A226C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.9.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "3249AB40-2058-42E9-9A33-64E434E5BB64", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:*", "matchCriteriaId": "0CF6584D-A7BB-4BD5-8232-9293FEE4A971", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "F29C13DB-6F04-4B41-90A2-2408D70F3641", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:*", "matchCriteriaId": "174D6B56-7D0F-46F0-849A-FD05CB348FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "0F4F734E-0E78-4957-B323-8E9FBA7FF15C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:*", "matchCriteriaId": "938F545A-F8A7-455E-8E5A-2B5454B6CE53", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A4B117B-E945-4033-A79D-10DFAA3DF18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "E7C0897A-C841-4AAB-A6B3-1FCF7A99A60A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "EA6D866F-8189-4FFD-AA24-47C0A015C246", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:*", "matchCriteriaId": "B2BAA1B3-7DD3-4248-915D-2BCC0ACFA2C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "A4EBFB79-C269-4132-BFAB-451F66CE8289", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:*", "matchCriteriaId": "21612C17-7368-4108-B55B-5AB5CA6733E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E9E1028E-2C07-4BA3-B891-FA853A87B280", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:*", "matchCriteriaId": "8A0D57D7-15AD-4CDF-A5A7-AB83F8E6154E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:*", "matchCriteriaId": "06DB25C8-4EA5-465F-8EFA-BCA8D40F1795", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "57BB03E2-E61C-4A94-82DF-8720698CE271", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:*", "matchCriteriaId": "A149F8C2-3DA5-44B2-A288-3482F3975824", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "1B30A36F-5CE6-4246-8752-176FB5999C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:*", "matchCriteriaId": "9462B320-B69D-409D-8DCC-D8D6CA1A757D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:*", "matchCriteriaId": "ECCCBAE9-8FD4-43F0-9EF8-56E9BBA3D8C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "6A59BC20-3217-4584-9196-D1CD9E0D6B52", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:*", "matchCriteriaId": "BEA0014A-659B-4533-A393-6D4ADC80EB0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:*", "matchCriteriaId": "8F1621F9-7C84-4CF0-BBCD-CEAEE8683BAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "3C64DF29-5B3D-401E-885E-8E37FD577254", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "346C9F65-B5FB-4A75-8E1B-137112F270D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:*", "matchCriteriaId": "7EFEE380-0C64-4413-AF3A-45ABC8833500", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "7A321C2D-852B-4498-ADD6-79956410AB94", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:*", "matchCriteriaId": "8CA18FC6-1480-400E-A885-8CDAE45AA7A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:*", "matchCriteriaId": "93741261-378B-4C02-8D68-0E5F39128375", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "C820538E-14EC-43C1-80DB-6AAE4905EF0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:*", "matchCriteriaId": "07CF9DD6-B624-49F0-A8E4-7EBCE7932BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "E9562112-2505-4F78-86DE-F30EFAEE47D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*", "matchCriteriaId": "9EEA1E9C-C1FB-4EFD-86EA-DCF78C57FC35", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "5E20FAF7-9031-478E-A89C-D6FB3B5FDE3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "72A840B4-216B-4063-997F-791FBC8C8658", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*", "matchCriteriaId": "72375576-F857-4585-A677-A326D89A65B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "E1AEB744-FCF2-4A41-8866-9D1D20E6C6B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "51E5EB34-30AD-4E81-8BD4-4AB905E52B82", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "4359322B-08D0-4710-A9C3-54BD4A17B800", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:*", "matchCriteriaId": "78F84DF4-DBA7-430C-AF17-F52024EF80D7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:*", "matchCriteriaId": "34266614-3588-485C-A609-37823F8499AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.30.4:*:*:*:*:*:*:*", "matchCriteriaId": "DD299B8E-D912-4B67-85C3-79CFF4C4F3E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "9890504F-AA2E-44E9-8510-BFFD75FD6D29", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "38CF30B7-832F-40D4-8DA2-47B55BAC78B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "2072ADDC-C105-49CD-929A-011C8B9C6CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.34:*:*:*:*:*:*:*", "matchCriteriaId": "A16BE0C5-4569-4F62-AC58-4B4D5B60D935", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "967DF432-DEF4-4FA2-8C8D-19A7FB663A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "40850BF4-E252-4667-9B46-9B6FEF6E997D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "1BB01DD1-B29B-4210-88CC-9ADB3148A410", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "5C0FA6A3-BFA9-4397-B75B-75C8357C36B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "295D4042-2D3C-481B-B969-2DDAC1161198", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "99E9EE2A-56AD-42BC-8CB0-D34091849B0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "96877A3E-B54B-4F31-B281-76CDC98B2D02", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "6D0B4503-42A6-4D88-954E-A662E91EC204", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4B73813-BCD8-429E-B9B9-D6665E026BC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BBA3ECC-4F40-41CD-A6D7-BBD680DDBACC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "9CBE2156-AF86-4C72-B33D-3FF83930F828", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "61408884-FBBF-4D94-A552-F99AB46DCED6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4A527277-D97D-4B74-906F-7481BDBD96D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "D8B57A32-7B83-4783-A244-C26301970444", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "044FD0D0-FC92-4A01-B0D4-11A703EF21FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3477EC1A-9634-492C-B052-35770A9C9F4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "1C90F104-FA2C-4091-B149-1774AC982C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "C9328768-7C08-4143-B5F8-F5C2D735D21A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C04E2B3-094B-4828-A2FC-BB66244A9F73", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "4BDE3D31-4BB2-45A3-B085-8C91152A3152", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "CE0107D4-395E-45F1-B963-7618CCC007D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "53B8E11B-4984-45A8-A107-D276205988B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "2495DB98-F923-4E60-86EC-2DBB7A98C90C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "E186D125-996E-4900-A2B8-5CDC8B5D5136", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "88576385-EF03-408B-9775-B52E6AFFE48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "1A838577-2BA1-4792-8B69-6FB07FFD7727", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDEED3E1-13E0-46E6-8AAB-D24D2D04AE4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "ED2BF36F-CF10-4F24-970B-3D0BB7561C81", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc-2:*:*:*:*:*:*", "matchCriteriaId": "D35DD57B-EF77-4C5F-9B44-DAF5E0560E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "BFC1BB05-15C6-4829-86EB-5B1BFA4B5B17", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "AB77E88B-7233-4979-914E-24E671C1FB23", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "C4FF0F09-0268-480F-A2F3-6F8C3F323EEB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.4.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "1CCF9CAE-674A-4833-9D5C-FCBD865BE9F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB1593E1-BF21-4DB9-A18E-9F221F3F9022", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC8E9FE3-FA25-4054-876E-4A3CE6E71AFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "4BBAEADC-D1DE-46EF-808C-2F6D2A74D988", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:rc1:*:*:*:*:*:*", "matchCriteriaId": "AEF8EB4B-2947-4BD3-ADF3-345AEFE85B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:rc2:*:*:*:*:*:*", "matchCriteriaId": "E4476FB3-A759-49F5-ABDE-6D2A321B61BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:rc3:*:*:*:*:*:*", "matchCriteriaId": "DFC109C3-2F52-48BE-B07E-3D65F31C1012", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "E54101A9-3967-4111-8A03-DA1BB23141BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21:rc1:*:*:*:*:*:*", "matchCriteriaId": "D8B00600-1D45-41F7-9A10-97FB39012FDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21:rc2:*:*:*:*:*:*", "matchCriteriaId": "D8CB2331-0F95-45E0-AF5B-0B9C74C5BA88", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4ADB6A7-76AC-4AE3-B1AA-9F8DFA635418", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21.2:*:*:*:*:*:*:*", "matchCriteriaId": "776BC35C-CF37-4F4E-9FD5-EC351D4C2C2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "F10DAABC-FF06-44FB-98EC-B6AD17C03FBC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.4.22:rc3:*:*:*:*:*:*", "matchCriteriaId": "ACA8AFD5-4C7C-4876-93CA-C5B3E881C455", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.22:rc4:*:*:*:*:*:*", "matchCriteriaId": "547EEB2B-2ECA-4B00-83BB-CFAA11BE0145", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "83829E0F-C24B-4BD6-88EA-98898A9AD86E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4C19141-823E-4057-A699-FD1DFF92DF38", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "ECE7FE41-E749-49B8-99DF-19F9E7C4827A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:rc1:*:*:*:*:*:*", "matchCriteriaId": "4E78234B-39B6-4DB4-A10F-AA55F174D4F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:rc2:*:*:*:*:*:*", "matchCriteriaId": "3984CF42-2431-4661-B333-C6721DF7123A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:rc3:*:*:*:*:*:*", "matchCriteriaId": "303CBFC2-22C1-47CE-A26C-A99B05763374", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:*", "matchCriteriaId": "2A8012CE-4D4B-4131-87E7-16D7907E3BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "D4F88914-6097-4AF1-8337-DCF062EB88AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BDB49DC-5344-451E-B8D6-D02C3431CE78", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "B1FDA8D3-5082-479B-BA0A-F1E83D750B5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7305910F-42BA-44CE-A7AC-B6F74200B68D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.6.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "B93EB4D6-3375-44BC-870F-714A3BC00C2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "52F60D6E-64EB-4223-8A79-595693B444C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta7.1:*:*:*:*:*:*", "matchCriteriaId": "37CF29B9-4397-4298-9326-0443E666CDC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "7D85DA34-A977-4A82-8E79-7BFE064DE9EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "1476EF7B-A6F8-4B10-AF0F-986EA6BA3116", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "98E222F0-4CAA-4247-A00D-C6CEC2E55198", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "63744245-6126-47F6-B9F5-E936538140C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "C8805BEE-A4CF-45C2-B948-F1E8EF0A0886", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E474C33-B42A-4BB8-AC57-8A9071316240", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B83B3132-7D78-4AC3-B83A-A6A20AA28993", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0147FCED-AE75-4945-B76E-33F2AA764B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C976AB0-2D1A-40CA-AEC3-E271B59B6960", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "785205F3-88C1-4F63-B091-4920AF1C892D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.6.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "879A19B4-C037-407C-AC3F-76D6095E950C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "FF16907E-5B0A-4312-AB20-0020A6EDFDE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:opensource:1.4.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "876044E9-1B51-4877-A92F-63502D17E28F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:opensource:1.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "CBF0F165-E75F-4990-8369-5FD275E453AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:opensource:1.4.24.1:*:*:*:*:*:*:*", "matchCriteriaId": "A194CAD2-A056-4664-B24A-0424F69BA1E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:opensource:1.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "017F1C0D-0469-412A-99B0-70BF8195B148", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:opensource:1.4.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "23D0BE8E-1D28-4402-851E-C900E8609898", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "15A0A1ED-5EDB-4D7B-9514-FD92BA00F940", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:1.6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "56DFDEB7-5220-4501-8499-9114727CD29A", "vulnerable": true }, { "criteria": "cpe:2.3:h:asterisk:appliance_s800i:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "27F70E5D-58B9-451D-96E9-CE788B5EEF9F", "vulnerable": true }, { "criteria": "cpe:2.3:h:asterisk:appliance_s800i:1.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B08893AA-F51D-44CA-97C1-8E7E5A7A7F54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 
1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263." }, { "lang": "es", "value": "La implementaci\u00f3n del protocolo IAX2 en Asterisk Open Source v1.2.x antes de v1.2.35, v1.4.x antes de v1.4.26.2, v1.6.0.x antes de v1.6.0.15, v1.6.1.x antes de v1.6.1.6; Business Edition vB.x.x antes de vB.2.5.10, vC.2.x antes de vC.2.4.3 y vC.3.x antes de C.3.1.1; y S800i v1.3.x antes de v1.3.0.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio iniciando muchos intercambios de mensajes IAX2. Se trata de un asunto relacionado con la CVE-2008-3263." } ], "id": "CVE-2009-2346", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-08T18:30:00.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36593" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1022819" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://downloads.asterisk.org/pub/security/AST-2009-006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1022819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36275" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-26 20:19
Modified
2025-04-09 00:30
Summary
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/24977 | Patch, Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/2645 | ||
cve@mitre.org | http://www.asterisk.org/files/ASA-2007-010.pdf | ||
cve@mitre.org | http://www.osvdb.org/35368 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/466883/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/472804/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/23648 | Exploit, Patch | |
cve@mitre.org | http://www.securitytracker.com/id?1017951 | Patch | |
cve@mitre.org | http://www.securitytracker.com/id?1018337 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1534 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33895 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24977 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2645 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/files/ASA-2007-010.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/35368 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/466883/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/472804/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23648 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017951 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018337 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1534 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33895 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en la funci\u00f3n process_sdp del chan_sip.c en el analizador sint\u00e1ctico SIP channel T.38 del Asterisk, anterior al 1.4.3, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un par\u00e1metro largo (1) T38FaxRateManagement o (2) T38FaxUdpEC SDP en el mensaje SIP, como se ha demostrado usando SIP INVITE." 
} ], "id": "CVE-2007-2293", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-26T20:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24977" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2645" }, { "source": "cve@mitre.org", "url": "http://www.asterisk.org/files/ASA-2007-010.pdf" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/35368" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/466883/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/472804/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/23648" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securitytracker.com/id?1017951" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018337" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24977" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securityreason.com/securityalert/2645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.asterisk.org/files/ASA-2007-010.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/35368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/466883/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/472804/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/23648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securitytracker.com/id?1017951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33895" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-22 23:19
Modified
2025-04-09 00:30
Summary
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.digium.com/view.php?id=9313 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/24579 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/24719 | ||
cve@mitre.org | http://secunia.com/advisories/25582 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200704-01.xml | ||
cve@mitre.org | http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038 | ||
cve@mitre.org | http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html | Vendor Advisory | |
cve@mitre.org | http://www.asterisk.org/node/48338 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/463434/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/23093 | ||
cve@mitre.org | http://www.securitytracker.com/id?1017809 | ||
cve@mitre.org | http://www.sineapps.com/news.php?rssid=1707 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1077 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.digium.com/view.php?id=9313 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24579 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24719 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25582 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200704-01.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/node/48338 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/463434/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23093 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017809 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.sineapps.com/news.php?rssid=1707 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1077 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 0.1.7 | |
asterisk | asterisk | 0.1.8 | |
asterisk | asterisk | 0.1.9 | |
asterisk | asterisk | 0.1.9_1 | |
asterisk | asterisk | 0.1.11 | |
asterisk | asterisk | 0.2 | |
asterisk | asterisk | 0.3 | |
asterisk | asterisk | 0.4 | |
asterisk | asterisk | 0.7.0 | |
asterisk | asterisk | 0.7.1 | |
asterisk | asterisk | 0.7.2 | |
asterisk | asterisk | 0.9.0 | |
asterisk | asterisk | 1.0 | |
asterisk | asterisk | 1.0.6 | |
asterisk | asterisk | 1.0.7 | |
asterisk | asterisk | 1.0.8 | |
asterisk | asterisk | 1.0.9 | |
asterisk | asterisk | 1.0.10 | |
asterisk | asterisk | 1.0.11 | |
asterisk | asterisk | 1.0.12 | |
asterisk | asterisk | 1.2.0_beta1 | |
asterisk | asterisk | 1.2.0_beta2 | |
asterisk | asterisk | 1.2.5 | |
asterisk | asterisk | 1.2.6 | |
asterisk | asterisk | 1.2.7 | |
asterisk | asterisk | 1.2.8 | |
asterisk | asterisk | 1.2.9 | |
asterisk | asterisk | 1.2.10 | |
asterisk | asterisk | 1.2.11 | |
asterisk | asterisk | 1.2.12 | |
asterisk | asterisk | 1.2.13 | |
asterisk | asterisk | 1.2.14 | |
asterisk | asterisk | 1.2.15 | |
asterisk | asterisk | 1.2.16 | |
asterisk | asterisk | 1.2.17 | |
asterisk | asterisk | 1.4.1 | |
asterisk | asterisk | 1.4_beta |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "74257EDA-40C0-4762-8184-1526B5682326", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "FAF09DF6-3E23-4139-92A2-DC44D2A2CF89", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "3003B53D-F21C-4D37-903D-D6F51EF6E63E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.9_1:*:*:*:*:*:*:*", "matchCriteriaId": "BF3E676F-0559-4135-8B01-27A808363F21", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "3B67F4F2-CDB9-46C1-AE4C-3E183E54693A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B4D46FC-06D3-4022-B971-0BA11868486B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B5C3C518-8427-40F1-832C-31D414DB9A80", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "77038CD8-F21A-4372-8D23-1A2563865334", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B60E0BAB-6D6E-48DB-92A9-62769E25C024", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB40890B-5C7C-4BDD-8579-80C75C259570", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "323CDA8E-FBB4-455F-BC72-A3588FE0014B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "09BDB6F9-A258-4537-BEFB-BB18A38B1071", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"1B4841AD-96B7-4518-AC3E-3D23C88C083B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet." 
}, { "lang": "es", "value": "La funci\u00f3n handle_response en chan_sip.c de Asterisk versiones anteriores a 1.2.17 y 1.4.x versiones anteriores a 1.4.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una respuesta SIP c\u00f3digo 0 en un paquete SIP." } ], "id": "CVE-2007-1594", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-22T23:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://bugs.digium.com/view.php?id=9313" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24579" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24719" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25582" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "source": "cve@mitre.org", "url": "http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907\u0026r2=59038" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" }, { "source": "cve@mitre.org", "url": "http://www.asterisk.org/node/48338" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23093" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017809" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.sineapps.com/news.php?rssid=1707" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://bugs.digium.com/view.php?id=9313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907\u0026r2=59038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.asterisk.org/node/48338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.sineapps.com/news.php?rssid=1707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1077" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-18 17:30
Modified
2025-04-09 00:30
Summary
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=185713 | ||
cve@mitre.org | http://ftp.digium.com/pub/asa/ASA-2007-014.pdf | Patch | |
cve@mitre.org | http://secunia.com/advisories/26099 | ||
cve@mitre.org | http://secunia.com/advisories/29051 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200802-11.xml | ||
cve@mitre.org | http://www.debian.org/security/2007/dsa-1358 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/24949 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018407 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2563 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35466 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=185713 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asa/ASA-2007-014.pdf | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26099 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29051 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200802-11.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24949 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018407 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2563 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35466 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 1.0 | |
asterisk | asterisk | 1.0.6 | |
asterisk | asterisk | 1.0.7 | |
asterisk | asterisk | 1.0.8 | |
asterisk | asterisk | 1.0.9 | |
asterisk | asterisk | 1.0.10 | |
asterisk | asterisk | 1.0.11 | |
asterisk | asterisk | 1.0.12 | |
asterisk | asterisk | 1.2.0_beta1 | |
asterisk | asterisk | 1.2.0_beta2 | |
asterisk | asterisk | 1.2.5 | |
asterisk | asterisk | 1.2.6 | |
asterisk | asterisk | 1.2.7 | |
asterisk | asterisk | 1.2.8 | |
asterisk | asterisk | 1.2.9 | |
asterisk | asterisk | 1.2.10 | |
asterisk | asterisk | 1.2.11 | |
asterisk | asterisk | 1.2.12 | |
asterisk | asterisk | 1.2.13 | |
asterisk | asterisk | 1.2.14 | |
asterisk | asterisk | 1.2.15 | |
asterisk | asterisk | 1.2.16 | |
asterisk | asterisk | 1.2.17 | |
asterisk | asterisk | 1.4.1 | |
asterisk | asterisk | 1.4.2 | |
asterisk | asterisk | 1.4.4_2007-04-27 | |
asterisk | asterisk | 1.4_beta | |
asterisk | asterisk | a (Business Edition) | |
asterisk | asterisk | b.1.3.2 (Business Edition) | |
asterisk | asterisk | b.1.3.3 (Business Edition) | |
asterisk | asterisk | b.2.2.0 (Business Edition) | |
asterisk | asterisk_appliance_developer_kit | * (up to and including 0.4) | |
asterisk | asterisknow | beta_5 | |
asterisk | asterisknow | beta_6 | |
asterisk | s800i_appliance | 1.0 | |
asterisk | s800i_appliance | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*", "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": 
"181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*", "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*", "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*", "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C150564-406F-4B49-AEF8-0F2887738E4D", "versionEndIncluding": "0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F", "vulnerable": true }, { "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el controlador de canal IAX2 (chan_iax2) de Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n enviando una trama RTP larga de (1) voz o (2) v\u00eddeo." } ], "id": "CVE-2007-3762", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-18T17:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26099" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29051" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24949" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018407" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2007/2563" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-1390)
Published
2008-03-24 17:44
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary metric)
Summary
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://downloads.digium.com/pub/security/AST-2008-005.html | ||
cve@mitre.org | http://secunia.com/advisories/29449 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29470 | ||
cve@mitre.org | http://securityreason.com/securityalert/3764 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/489819/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/28316 | ||
cve@mitre.org | http://www.securitytracker.com/id?1019679 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2008-005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29449 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29470 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3764 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489819/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28316 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019679 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | 1.4.1 | |
asterisk | asterisk | 1.4.2 | |
asterisk | asterisk | 1.4.3 | |
asterisk | asterisk | 1.4.4 | |
asterisk | asterisk | 1.4.5 | |
asterisk | asterisk | 1.4.6 | |
asterisk | asterisk | 1.4.7 | |
asterisk | asterisk | 1.4.8 | |
asterisk | asterisk | 1.4.9 | |
asterisk | asterisk | 1.4.10 | |
asterisk | asterisk | 1.4.11 | |
asterisk | asterisk | 1.4.12 | |
asterisk | asterisk | 1.4.13 | |
asterisk | asterisk | 1.4.14 | |
asterisk | asterisk | 1.4.15 | |
asterisk | asterisk | 1.4.16 | |
asterisk | asterisk | 1.4.17 | |
asterisk | asterisk | 1.4.18.1 | |
asterisk | asterisk | 1.4_beta | |
asterisk | asterisk | 1.4_revision_95946 | |
asterisk | asterisk | 1.6 | |
asterisk | asterisk_appliance_developer_kit | 0.2 | |
asterisk | asterisk_appliance_developer_kit | 0.3 | |
asterisk | asterisk_appliance_developer_kit | 0.4 | |
asterisk | asterisk_appliance_developer_kit | 0.5 | |
asterisk | asterisk_appliance_developer_kit | 0.6 | |
asterisk | asterisk_appliance_developer_kit | 0.7 | |
asterisk | asterisk_appliance_developer_kit | 0.8 | |
asterisk | asterisk_appliance_developer_kit | 1.4 | |
asterisk | asterisk_business_edition | c.1.0-beta7 | |
asterisk | asterisk_business_edition | c.1.0-beta8 | |
asterisk | asterisknow | 1.0 | |
asterisk | asterisknow | beta_5 | |
asterisk | asterisknow | beta_6 | |
asterisk | asterisknow | beta_7 | |
asterisk | s800i | 1.0 | |
asterisk | s800i | 1.0.1 | |
asterisk | s800i | 1.0.2 | |
asterisk | s800i | 1.0.3 | |
asterisk | s800i | 1.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "84CB8C4A-F001-4DD7-8DFE-CB082B4BB969", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "96DB0240-E93D-4BDB-859B-B44C91996993", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F4BA849-E092-404A-92CD-44C2D99AE971", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2C7014B4-1860-49AD-9469-9954C3CC01C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "3D1F0056-0945-476C-982E-7B41EB420A99", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "A53DEC9D-B288-42CD-9387-57315AC98D72", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "89C1F33F-27B6-4C56-92FF-EB2861ABBC22", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "64E07CF3-073D-4705-96A6-13367D4F5CAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "18D19CB0-E3D7-40DB-B0C0-B62BB6075267", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "77FB7CC1-BD0D-4F34-AB21-59CFD23C494C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "997FA3C7-1894-478A-ABF1-52DD2B0487E1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "96E02BE0-BF4A-46C9-AFB5-47E8F18E3D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "292190EE-D9C8-4E3A-BB34-0ECD7B865482", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "7DAC55F9-1D43-4AA8-87C9-DB165442700B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "195B012E-0538-4140-9035-F5D1A442778B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "78AC03A7-41AB-45AF-AD89-291A7429B8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_revision_95946:*:*:*:*:*:*:*", "matchCriteriaId": "DB08F4FA-8600-4D21-A565-B3BF636634B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "FEAE6729-D79A-49B8-9758-BA74A60A238A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C05B437-C292-4AA0-8AFE-1CA07CD80034", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0102C4C0-1A7D-4AB7-9817-44E6B0DB761E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "81DDF486-4185-48EE-869E-0AA6726C31F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CF45A8E1-F6B1-42BD-9168-12062FA6EAEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C5757B9B-2759-439A-9A6D-CCDD6C8C8940", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FCD71268-EAA2-477B-8AC4-DE4853A262B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "529B2115-A191-4F3F-8F8C-A38B7C45463A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "7E2D0508-C418-48CE-BF83-39F893688D1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:*:*:*:*:*:*:*", "matchCriteriaId": "5BC80EBD-14D3-44A6-A06F-0549722E0EFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:*:*:*:*:*:*:*", "matchCriteriaId": "7859797F-E9AD-4429-BD2C-A24EC24A5D03", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC6FE17C-3B08-4675-9F73-5DC0C2438BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "3AE2F09E-4B5A-4EDF-A48A-BCBBAA80156B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C3A0A08-4107-4B8B-AE7E-DC23849A54DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9320928D-D83C-4258-AF62-AB2D1F50D972", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "569084D1-977D-41FC-A444-0B3F5199DDD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"02D182FB-761C-4F08-A776-B613FAC55230", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7B5EDAB-61DD-4864-A159-39292D339DA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses." }, { "lang": "es", "value": "El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Business Edition C.x.x antes de C.1.6, AsteriskNOW antes de 1.0.2, Appliance Developer Kit antes de la revisi\u00f3n 104704 y s800i 1.0.x antes de 1.1.0.2 genera valores ID de gesti\u00f3n no lo suficientemente aleatorios, lo que facilita a atacantes remotos secuestrar una sesi\u00f3n de gesti\u00f3n a trav\u00e9s de una serie de adivinaciones de ID." 
} ], "id": "CVE-2008-1390", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-03-24T17:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://downloads.digium.com/pub/security/AST-2008-005.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29449" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29470" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3764" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28316" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019679" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://downloads.digium.com/pub/security/AST-2008-005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://secunia.com/advisories/29470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-2488)
Published
2007-05-07 19:19
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C; NVD primary metric)
Summary
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ftp.digium.com/pub/asa/ASA-2007-013.pdf | ||
cve@mitre.org | http://osvdb.org/35769 | ||
cve@mitre.org | http://secunia.com/advisories/25134 | ||
cve@mitre.org | http://secunia.com/advisories/25582 | ||
cve@mitre.org | http://www.debian.org/security/2007/dsa-1358 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/23824 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1661 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34085 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asa/ASA-2007-013.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/35769 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25134 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25582 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23824 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1661 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34085 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC58B8ED-82EB-4AD1-ADF9-97BAB073D19D", "versionEndIncluding": "1.4.4_2007-04-27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte." }, { "lang": "es", "value": "El controlador del canal IAX2 (chan_iax2) en Asterisk anterior a 20070504 no anula correctamente los datos terminales, lo cual permite a atacantes remotos disparar la p\u00e9rdida de datos transmitidos, y posiblemente obtener informaci\u00f3n sensible (contenido de memoria) o provocar denegaci\u00f3n de servicio (caida de aplicaci\u00f3n), enviando un marco que carece 0 bytes." 
} ], "id": "CVE-2007-2488", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-07T19:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://ftp.digium.com/pub/asa/ASA-2007-013.pdf" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35769" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25134" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25582" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23824" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1661" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.digium.com/pub/asa/ASA-2007-013.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1358" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34085" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-21 19:19
Modified
2025-04-09 00:30
Severity ?
Summary
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://asterisk.org/node/48339 | ||
cve@mitre.org | http://marc.info/?l=full-disclosure&m=117432783011737&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/24564 | ||
cve@mitre.org | http://secunia.com/advisories/24719 | ||
cve@mitre.org | http://secunia.com/advisories/25582 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200704-01.xml | ||
cve@mitre.org | http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html | ||
cve@mitre.org | http://www.debian.org/security/2007/dsa-1358 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
cve@mitre.org | http://www.osvdb.org/34479 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/463434/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/23031 | Patch | |
cve@mitre.org | http://www.securitytracker.com/id?1017794 | ||
cve@mitre.org | http://www.sineapps.com/news.php?rssid=1707 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1039 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33068 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://asterisk.org/node/48339 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=117432783011737&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24564 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24719 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25582 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200704-01.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/34479 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/463434/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23031 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017794 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.sineapps.com/news.php?rssid=1707 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1039 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33068 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address." }, { "lang": "es", "value": "El controlador del canal en Asterisk en versiones anteriores a 1.2.17 y 1.4.x en versiones anteriores a 1.4.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un mensaje SIP INVITE con un SDP que contiene una direcci\u00f3n IP v\u00e1lida y otra no v\u00e1lida." 
} ], "id": "CVE-2007-1561", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-21T19:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://asterisk.org/node/48339" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=117432783011737\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24564" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24719" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25582" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "source": "cve@mitre.org", "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/34479" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/23031" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017794" }, { "source": "cve@mitre.org", "url": "http://www.sineapps.com/news.php?rssid=1707" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2007/1039" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://asterisk.org/node/48339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=117432783011737\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200704-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/34479" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/463434/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/23031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sineapps.com/news.php?rssid=1707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33068" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-1332
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 8.8, AV:N/AC:M/Au:N/C:C/I:C/A:N)
Summary
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://downloads.digium.com/pub/security/AST-2008-003.html | Patch | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html | ||
cve@mitre.org | http://secunia.com/advisories/29426 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29456 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29470 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29782 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29957 | Vendor Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200804-13.xml | ||
cve@mitre.org | http://securitytracker.com/id?1019629 | ||
cve@mitre.org | http://www.asterisk.org/node/48466 | ||
cve@mitre.org | http://www.debian.org/security/2008/dsa-1525 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/489818/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/28310 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0928 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41308 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2008-003.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29426 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29456 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29470 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29782 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29957 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200804-13.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019629 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/node/48466 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1525 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489818/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28310 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0928 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41308 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | asterisk | a | |
asterisk | asterisk | b.1.3.2 | |
asterisk | asterisk | b.1.3.3 | |
asterisk | asterisk | b.2.2.0 | |
asterisk | asterisk | b.2.2.1 | |
asterisk | asterisk | b.2.3.1 | |
asterisk | asterisk | b.2.3.2 | |
asterisk | asterisk | b.2.3.3 | |
asterisk | asterisk | b.2.3.4 | |
asterisk | asterisk | b.2.3.5 | |
asterisk | asterisk | b.2.3.6 | |
asterisk | asterisk | c.1.0_beta7 | |
asterisk | asterisk | c.1.0_beta8 | |
asterisk | asterisk | c.1.6 | |
asterisk | asterisk | c.1.6.1 | |
asterisk | asterisk_appliance_developer_kit | * (up to and including 1.4) | |
asterisk | asterisk_appliance_developer_kit | 0.2 | |
asterisk | asterisk_appliance_developer_kit | 0.3 | |
asterisk | asterisk_appliance_developer_kit | 0.4 | |
asterisk | asterisk_appliance_developer_kit | 0.5 | |
asterisk | asterisk_appliance_developer_kit | 0.6 | |
asterisk | asterisk_appliance_developer_kit | 0.6.0 | |
asterisk | asterisk_appliance_developer_kit | 0.7 | |
asterisk | asterisk_appliance_developer_kit | 0.8 | |
asterisk | asterisk_appliance_developer_kit | 1.3 | |
asterisk | asterisk_business_edition | * (up to and including a) | |
asterisk | asterisk_business_edition | * (up to and including b.2.5.0) | |
asterisk | asterisk_business_edition | * (up to and including c.1.6.1) | |
asterisk | asterisknow | * (up to and including 1.0.1) | |
asterisk | asterisknow | 1.0 | |
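asterisk | open_source | * (up to and including 1.2.26) | |
asterisk | open_source | * (up to and including 1.4.17) | |
asterisk | open_source | * (update rc-2, up to and including 1.4.19) | |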
asterisk | open_source | 1.0 | |
asterisk | open_source | 1.0.0 | |
asterisk | open_source | 1.0.1 | |
asterisk | open_source | 1.0.2 | |
asterisk | open_source | 1.0.3 | |
asterisk | open_source | 1.0.3.4 | |
asterisk | open_source | 1.0.4 | |
asterisk | open_source | 1.0.5 | |
asterisk | open_source | 1.0.6 | |
asterisk | open_source | 1.0.7 | |
asterisk | open_source | 1.0.8 | |
asterisk | open_source | 1.0.9 | |
asterisk | open_source | 1.0.11 | |
asterisk | open_source | 1.0.11.1 | |
asterisk | open_source | 1.0.12 | |
asterisk | open_source | 1.2.0 | |
asterisk | open_source | 1.2.0 (beta1) | |
asterisk | open_source | 1.2.0 (beta2) | |
asterisk | open_source | 1.2.0 (rc1) | |
asterisk | open_source | 1.2.0beta2 | |
asterisk | open_source | 1.2.1 | |
asterisk | open_source | 1.2.2 | |
asterisk | open_source | 1.2.3 | |
asterisk | open_source | 1.2.4 | |
asterisk | open_source | 1.2.5 | |
asterisk | open_source | 1.2.6 | |
asterisk | open_source | 1.2.7 | |
asterisk | open_source | 1.2.7.1 | |
asterisk | open_source | 1.2.8 | |
asterisk | open_source | 1.2.9 | |
asterisk | open_source | 1.2.9.1 | |
asterisk | open_source | 1.2.10 | |
asterisk | open_source | 1.2.11 | |
asterisk | open_source | 1.2.12 | |
asterisk | open_source | 1.2.12.1 | |
asterisk | open_source | 1.2.13 | |
asterisk | open_source | 1.2.14 | |
asterisk | open_source | 1.2.15 | |
asterisk | open_source | 1.2.16 | |
asterisk | open_source | 1.2.17 | |
asterisk | open_source | 1.2.18 | |
asterisk | open_source | 1.2.19 | |
asterisk | open_source | 1.2.20 | |
asterisk | open_source | 1.2.21 | |
asterisk | open_source | 1.2.21.1 | |
asterisk | open_source | 1.2.22 | |
asterisk | open_source | 1.2.23 | |
asterisk | open_source | 1.2.24 | |
asterisk | open_source | 1.2.25 | |
asterisk | open_source | 1.2.26.1 | |
asterisk | open_source | 1.2.26.2 | |
asterisk | open_source | 1.4.0 | |
asterisk | open_source | 1.4.0 (beta2) | |
asterisk | open_source | 1.4.0 (beta3) | |
asterisk | open_source | 1.4.0 (beta4) | |
asterisk | open_source | 1.4.1 | |
asterisk | open_source | 1.4.10 | |
asterisk | open_source | 1.4.10.1 | |
asterisk | open_source | 1.4.11 | |
asterisk | open_source | 1.4.12 | |
asterisk | open_source | 1.4.12.1 | |
asterisk | open_source | 1.4.13 | |
asterisk | open_source | 1.4.14 | |
asterisk | open_source | 1.4.15 | |
asterisk | open_source | 1.4.16 | |
asterisk | open_source | 1.4.16.1 | |
asterisk | open_source | 1.4.16.2 | |
asterisk | open_source | 1.4.18 | |
asterisk | open_source | 1.4.19 (rc3) | |
asterisk | s800i | * (up to and including 1.1.0.1) | |
asterisk | s800i | 1.0 | |
asterisk | s800i | 1.0.1 | |
asterisk | s800i | 1.0.2 | |
asterisk | s800i | 1.0.3 | |
asterisk | s800i | 1.0.3.3 | |
asterisk | s800i | 1.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*", "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*", "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*", "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.1:*:business:*:*:*:*:*", "matchCriteriaId": "D81F6E55-80F1-4770-9FF0-305EEEF3C4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.1:*:business:*:*:*:*:*", "matchCriteriaId": "087DC9EC-0DF2-48AE-BB62-8DDF95C3EC56", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.2:*:business:*:*:*:*:*", "matchCriteriaId": "471032A5-5EB6-44D1-91C8-BEA42C1E205A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.3:*:business:*:*:*:*:*", "matchCriteriaId": "6FEB3FCA-065E-4C32-A4C7-F2C79F214F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.4:*:business:*:*:*:*:*", "matchCriteriaId": "636D765F-C47B-4762-9419-D7B51FA38AEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.5:*:business:*:*:*:*:*", "matchCriteriaId": "36F29EE8-E05F-4F0A-B0FA-66C551856C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.3.6:*:business:*:*:*:*:*", "matchCriteriaId": "CEAA72FE-E13C-4363-AF5C-7D1CEEE2FA77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.0_beta7:*:business:*:*:*:*:*", "matchCriteriaId": "D0A87D63-35F5-47D7-893B-E8B179B16C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.0_beta8:*:business:*:*:*:*:*", 
"matchCriteriaId": "95C1809E-9031-483F-B873-160284FA71D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.6:*:business:*:*:*:*:*", "matchCriteriaId": "E35C336A-A786-476B-8B9F-E682D999B6AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:c.1.6.1:*:business:*:*:*:*:*", "matchCriteriaId": "8121721B-EBC6-44EA-86D6-7B0FF1C8FF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEF22BFB-2B22-4FBE-AE35-D7BC2A461865", "versionEndIncluding": "1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C05B437-C292-4AA0-8AFE-1CA07CD80034", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0102C4C0-1A7D-4AB7-9817-44E6B0DB761E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "81DDF486-4185-48EE-869E-0AA6726C31F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CF45A8E1-F6B1-42BD-9168-12062FA6EAEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C5757B9B-2759-439A-9A6D-CCDD6C8C8940", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4548D39-0562-4946-AA51-A7C1A31AEE8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FCD71268-EAA2-477B-8AC4-DE4853A262B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "529B2115-A191-4F3F-8F8C-A38B7C45463A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B76EFDCA-20EC-4C62-A0AD-CBD317D69441", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4EC98BF-00C0-48F5-ADFA-DB8AC6E95F3A", "versionEndIncluding": "a", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E140B81-4528-4BCC-AE60-B91DD4B2C9FE", "versionEndIncluding": "b.2.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E8CF6B9-050B-426B-86FC-8A32E8C09A68", "versionEndIncluding": "c.1.6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7C58E6B-AECC-48AF-8059-61772690776A", "versionEndIncluding": "1.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC6FE17C-3B08-4675-9F73-5DC0C2438BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", "matchCriteriaId": "A66DC4A6-290C-48ED-A0F8-8DC05EA0AAC6", "versionEndIncluding": "1.2.26", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CEDD6A3-13B1-4553-8BAD-93DB5203F3B6", "versionEndIncluding": "1.4.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:*:rc-2:*:*:*:*:*:*", "matchCriteriaId": "F4AB8D8F-15AC-4516-85A2-B5D2B5B3DF04", "versionEndIncluding": "1.4.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "678DB154-4363-42FF-8B28-367923FC6595", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8F2C378-FF0E-4765-9F66-625C4064D5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"A55A9295-F632-4856-90A1-38371EB98589", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7FAE6AF1-884D-41F7-B174-9E13C7719C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "DCA9E35B-9A6B-42F2-9315-9C7D09F62227", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "89B1F293-4F0F-48FD-A1F1-1230B94D87D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DDF7EC20-A424-45E5-B7E4-3CC86075858C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C790E105-55C8-4CDC-9FA8-E1FF6F130A67", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "44C860EF-2B29-4995-B942-000CC43FDD14", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1ADB80EF-C724-44BA-88FC-24087799D0C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "78B39BE8-7E2D-42DF-8633-44CAD5662777", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "F39036E3-0027-4C72-9DEB-9A6E2B4512C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A037E6F9-3EF7-4EEB-AC16-081421BCE40D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A7EC02A-9C9E-4589-BBB3-1908D3078A7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "6C70FA9C-6F3B-4BDF-97FB-81D06AB0EE65", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F7971E1-F136-4ADC-95EC-BC4F92E838CF", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "E62D108C-862D-4BDB-BE37-285AA4C9C59A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "CF1422F3-829D-498C-83A6-02989DFB70A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CBEB9D69-A404-4053-92F9-CAC3481AFF1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*", "matchCriteriaId": "C7B2F43B-8B69-4BF6-86B7-A225175FF068", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "27202966-2C41-4964-9497-1887D2A834C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "107DA2D8-FE7C-4B70-856D-43D58B988694", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "ABD71DD9-8A15-45E2-9FB3-F0544D7E1B80", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C14614F-4E27-40A6-9E56-2B1DBB10330B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7A2F2F5A-66FD-4057-917C-66332A88D83E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "399B0206-B48B-46EF-8CA6-A6E5A2550B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "26E9760F-C0EB-47BB-8DA4-CC7815099DAF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "4C510A9A-C3E2-4AF8-9919-1A22E918CDEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BD915CD-A7D3-4305-A6C0-290C648A226C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "F29C13DB-6F04-4B41-90A2-2408D70F3641", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "0F4F734E-0E78-4957-B323-8E9FBA7FF15C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A4B117B-E945-4033-A79D-10DFAA3DF18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "EA6D866F-8189-4FFD-AA24-47C0A015C246", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "A4EBFB79-C269-4132-BFAB-451F66CE8289", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E9E1028E-2C07-4BA3-B891-FA853A87B280", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "57BB03E2-E61C-4A94-82DF-8720698CE271", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "1B30A36F-5CE6-4246-8752-176FB5999C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "6A59BC20-3217-4584-9196-D1CD9E0D6B52", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "3C64DF29-5B3D-401E-885E-8E37FD577254", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "7A321C2D-852B-4498-ADD6-79956410AB94", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "C820538E-14EC-43C1-80DB-6AAE4905EF0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "72A840B4-216B-4063-997F-791FBC8C8658", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "967DF432-DEF4-4FA2-8C8D-19A7FB663A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "40850BF4-E252-4667-9B46-9B6FEF6E997D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "1BB01DD1-B29B-4210-88CC-9ADB3148A410", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "5C0FA6A3-BFA9-4397-B75B-75C8357C36B2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "295D4042-2D3C-481B-B969-2DDAC1161198", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "044FD0D0-FC92-4A01-B0D4-11A703EF21FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3477EC1A-9634-492C-B052-35770A9C9F4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "1C90F104-FA2C-4091-B149-1774AC982C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "C9328768-7C08-4143-B5F8-F5C2D735D21A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C04E2B3-094B-4828-A2FC-BB66244A9F73", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "4BDE3D31-4BB2-45A3-B085-8C91152A3152", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "CE0107D4-395E-45F1-B963-7618CCC007D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "53B8E11B-4984-45A8-A107-D276205988B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "2495DB98-F923-4E60-86EC-2DBB7A98C90C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "E186D125-996E-4900-A2B8-5CDC8B5D5136", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "1A838577-2BA1-4792-8B69-6FB07FFD7727", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "C4FF0F09-0268-480F-A2F3-6F8C3F323EEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D1E04DC-AE6A-4536-8E45-36494E51B036", "versionEndIncluding": "1.1.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C3A0A08-4107-4B8B-AE7E-DC23849A54DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9320928D-D83C-4258-AF62-AB2D1F50D972", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "569084D1-977D-41FC-A444-0B3F5199DDD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "02D182FB-761C-4F08-A776-B613FAC55230", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C9046D49-6878-4571-8B9E-2FBD5BA80D19", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7B5EDAB-61DD-4864-A159-39292D339DA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header." 
}, { "lang": "es", "value": "Vulnerabilidad no especificada en Asterisk Open Source versiones 1.2.x anteriores a 1.2.27, 1.4.x anteriores a 1.4.18.1 y 1.4.19-rc3; en Business Edition versiones A.x.x, B.x.x anteriores a B.2.5.1, y C.x.x anteriores a C.1.6.2; en AsteriskNOW versiones 1.0.x anteriores a 1.0.2; Appliance Developer Kit anteriores a 1.4 revisi\u00f3n 109393; y s800i versiones 1.0.x anteriores a 1.1.0.2 permite a atacantes remotos acceder al controlador del canal SIP mediante la utilizaci\u00f3n de una cabecera From especialmente construida." } ], "id": "CVE-2008-1332", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 8.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-20T00:44:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://downloads.digium.com/pub/security/AST-2008-003.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29426" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29456" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29470" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29782" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/29957" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1019629" }, { "source": "cve@mitre.org", "url": "http://www.asterisk.org/node/48466" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1525" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28310" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0928" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://downloads.digium.com/pub/security/AST-2008-003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://security.gentoo.org/glsa/glsa-200804-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.asterisk.org/node/48466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }