Vulnerabilites related to digium - asterisk
CVE-2014-2287 (GCVE-0-2014-2287)
Vulnerability from cvelistv5
Published
2014-04-18 19:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
},
{
"name": "MDVSA-2014:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-18T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
},
{
"name": "MDVSA-2014:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66094"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-23373",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
},
{
"name": "MDVSA-2014:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2287",
"datePublished": "2014-04-18T19:00:00",
"dateReserved": "2014-03-05T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7287 (GCVE-0-2018-7287)
Vulnerability from cvelistv5
Published
2018-02-22 00:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040419",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040419"
},
{
"name": "103120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-24T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1040419",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040419"
},
{
"name": "103120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040419",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040419"
},
{
"name": "103120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103120"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27658",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2018-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7287",
"datePublished": "2018-02-22T00:00:00",
"dateReserved": "2018-02-21T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2947 (GCVE-0-2012-2947)
Vulnerability from cvelistv5
Published
2012-06-02 15:00
Modified
2024-08-06 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "1027102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027102"
},
{
"name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "1027102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027102"
},
{
"name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "1027102",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027102"
},
{
"name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"name": "49303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2947",
"datePublished": "2012-06-02T15:00:00",
"dateReserved": "2012-05-29T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18976 (GCVE-0-2019-18976)
Vulnerability from cvelistv5
Published
2019-11-22 16:59
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asterisk.org/downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"name": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1",
"refsource": "MISC",
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
},
{
"name": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"name": "https://seclists.org/fulldisclosure/2019/Nov/20",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2019-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18976",
"datePublished": "2019-11-22T16:59:19",
"dateReserved": "2019-11-14T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8415 (GCVE-0-2014-8415)
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-015.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8415",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:48.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2535 (GCVE-0-2011-2535)
Vulnerability from cvelistv5
Published
2011-07-06 19:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:22.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
},
{
"name": "asterisk-iax2channeldriver-dos(68205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
},
{
"name": "48431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48431"
},
{
"name": "1025708",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025708"
},
{
"name": "45239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45239"
},
{
"name": "DSA-2276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"name": "FEDORA-2011-8914",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"name": "45048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45048"
},
{
"name": "73309",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73309"
},
{
"name": "45201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45201"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
},
{
"name": "asterisk-iax2channeldriver-dos(68205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
},
{
"name": "48431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48431"
},
{
"name": "1025708",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025708"
},
{
"name": "45239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45239"
},
{
"name": "DSA-2276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"name": "FEDORA-2011-8914",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"name": "45048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45048"
},
{
"name": "73309",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73309"
},
{
"name": "45201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45201"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44973"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
},
{
"name": "asterisk-iax2channeldriver-dos(68205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
},
{
"name": "48431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48431"
},
{
"name": "1025708",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025708"
},
{
"name": "45239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45239"
},
{
"name": "DSA-2276",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"name": "FEDORA-2011-8914",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"name": "45048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45048"
},
{
"name": "73309",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73309"
},
{
"name": "45201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45201"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2535",
"datePublished": "2011-07-06T19:00:00",
"dateReserved": "2011-06-22T00:00:00",
"dateUpdated": "2024-08-06T23:08:22.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46837 (GCVE-0-2021-46837)
Vulnerability from cvelistv5
Published
2022-08-30 00:00
Modified
2024-08-04 05:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46837",
"datePublished": "2022-08-30T00:00:00",
"dateReserved": "2022-08-30T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18610 (GCVE-0-2019-18610)
Vulnerability from cvelistv5
Published
2019-11-22 17:31
Modified
2024-08-05 01:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asterisk.org/downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2019-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18610",
"datePublished": "2019-11-22T17:31:16",
"dateReserved": "2019-10-29T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2536 (GCVE-0-2011-2536)
Vulnerability from cvelistv5
Published
2011-07-06 19:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:22.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
},
{
"name": "1025734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
},
{
"name": "1025734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
},
{
"name": "1025734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2536",
"datePublished": "2011-07-06T19:00:00",
"dateReserved": "2011-06-27T00:00:00",
"dateUpdated": "2024-08-06T23:08:22.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14098 (GCVE-0-2017-14098)
Vulnerability from cvelistv5
Published
2017-09-02 16:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/873909"
},
{
"name": "1039253",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039253"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
},
{
"name": "100583",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100583"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-05T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/873909"
},
{
"name": "1039253",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039253"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
},
{
"name": "100583",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100583"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/873909",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/873909"
},
{
"name": "1039253",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039253"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
},
{
"name": "100583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100583"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27152",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14098",
"datePublished": "2017-09-02T16:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12827 (GCVE-0-2019-12827)
Vulnerability from cvelistv5
Published
2019-07-12 19:19
Modified
2024-08-04 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-12T19:19:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-28447",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2019-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12827",
"datePublished": "2019-07-12T19:19:52",
"dateReserved": "2019-06-14T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7617 (GCVE-0-2017-7617)
Vulnerability from cvelistv5
Published
2017-04-10 14:00
Modified
2024-08-05 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/859910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/859910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97377"
},
{
"name": "https://bugs.debian.org/859910",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/859910"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7617",
"datePublished": "2017-04-10T14:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26712 (GCVE-0-2021-26712)
Vulnerability from cvelistv5
Published
2021-02-18 20:10
Modified
2024-08-03 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-003.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29260",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"name": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26712",
"datePublished": "2021-02-18T20:10:20",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:40.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1175 (GCVE-0-2011-1175)
Vulnerability from cvelistv5
Published
2011-03-31 22:00
Modified
2024-08-06 22:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:32.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-3945",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"name": "asterisk-handletcptlsconnection-dos(66140)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66140"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-004.html"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "FEDORA-2011-3942",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"name": "[oss-security] 20110317 CVE request for Asterisk flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688678"
},
{
"name": "FEDORA-2011-3958",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"name": "ADV-2011-0686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0686"
},
{
"name": "ADV-2011-0790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0790"
},
{
"name": "1025224",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025224"
},
{
"name": "46898",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46898"
},
{
"name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/21/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-3945",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"name": "asterisk-handletcptlsconnection-dos(66140)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66140"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-004.html"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "FEDORA-2011-3942",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"name": "[oss-security] 20110317 CVE request for Asterisk flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688678"
},
{
"name": "FEDORA-2011-3958",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"name": "ADV-2011-0686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0686"
},
{
"name": "ADV-2011-0790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0790"
},
{
"name": "1025224",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025224"
},
{
"name": "46898",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46898"
},
{
"name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/21/12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1175",
"datePublished": "2011-03-31T22:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:21:32.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8412 (GCVE-0-2014-8412)
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8412",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:48.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26651 (GCVE-0-2022-26651)
Vulnerability from cvelistv5
Published
2022-04-15 00:00
Modified
2024-08-03 05:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26651",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7284 (GCVE-0-2018-7284)
Vulnerability from cvelistv5
Published
2018-02-22 00:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"name": "44184",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44184/"
},
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "103151",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103151"
},
{
"name": "1040416",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"name": "44184",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44184/"
},
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "103151",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103151"
},
{
"name": "1040416",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040416"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"name": "44184",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44184/"
},
{
"name": "DSA-4320",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "103151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103151"
},
{
"name": "1040416",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040416"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7284",
"datePublished": "2018-02-22T00:00:00",
"dateReserved": "2018-02-21T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15297 (GCVE-0-2019-15297)
Vulnerability from cvelistv5
Published
2019-09-09 20:48
Modified
2024-08-05 00:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:42:03.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
},
{
"name": "20210304 AST-2021-006: Crash when negotiating T.38 with a zero port",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Mar/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T06:37:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
},
{
"name": "20210304 AST-2021-006: Crash when negotiating T.38 with a zero port",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Mar/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2019-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
},
{
"name": "20210304 AST-2021-006: Crash when negotiating T.38 with a zero port",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Mar/5"
},
{
"name": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15297",
"datePublished": "2019-09-09T20:48:12",
"dateReserved": "2019-08-21T00:00:00",
"dateUpdated": "2024-08-05T00:42:03.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17090 (GCVE-0-2017-17090)
Vulnerability from cvelistv5
Published
2017-12-02 00:00
Modified
2024-08-05 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039948",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039948"
},
{
"name": "43992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43992/"
},
{
"name": "102023",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-09T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039948",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039948"
},
{
"name": "43992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43992/"
},
{
"name": "102023",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039948",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039948"
},
{
"name": "43992",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43992/"
},
{
"name": "102023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102023"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27452",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"name": "DSA-4076",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2017-013.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17090",
"datePublished": "2017-12-02T00:00:00",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3863 (GCVE-0-2012-3863)
Vulnerability from cvelistv5
Published
2012-07-09 10:00
Modified
2024-08-06 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:03.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "54327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "54327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "54327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54327"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-19992",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3863",
"datePublished": "2012-07-09T10:00:00",
"dateReserved": "2012-07-06T00:00:00",
"dateUpdated": "2024-08-06T20:21:03.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31878 (GCVE-0-2021-31878)
Vulnerability from cvelistv5
Published
2021-07-27 05:17
Modified
2024-08-03 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T11:10:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"name": "https://downloads.digium.com/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31878",
"datePublished": "2021-07-27T05:17:05",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2898 (GCVE-0-2006-2898)
Vulnerability from cvelistv5
Published
2006-06-07 10:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016236",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016236"
},
{
"name": "DSA-1126",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1126"
},
{
"name": "20899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20899"
},
{
"name": "20658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20658"
},
{
"name": "asterisk-iax2-videoframe-bo(27045)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
},
{
"name": "21222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/95"
},
{
"name": "GLSA-200606-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
},
{
"name": "18295",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18295"
},
{
"name": "20497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20497"
},
{
"name": "20060606 Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
},
{
"name": "ADV-2006-2181",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2181"
},
{
"name": "SUSE-SR:2006:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
},
{
"name": "20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016236",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016236"
},
{
"name": "DSA-1126",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1126"
},
{
"name": "20899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20899"
},
{
"name": "20658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20658"
},
{
"name": "asterisk-iax2-videoframe-bo(27045)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
},
{
"name": "21222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/95"
},
{
"name": "GLSA-200606-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
},
{
"name": "18295",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18295"
},
{
"name": "20497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20497"
},
{
"name": "20060606 Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
},
{
"name": "ADV-2006-2181",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2181"
},
{
"name": "SUSE-SR:2006:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
},
{
"name": "20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016236",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016236"
},
{
"name": "DSA-1126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1126"
},
{
"name": "20899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20899"
},
{
"name": "20658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20658"
},
{
"name": "asterisk-iax2-videoframe-bo(27045)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
},
{
"name": "21222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21222"
},
{
"name": "http://www.asterisk.org/node/95",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/95"
},
{
"name": "GLSA-200606-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
},
{
"name": "18295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18295"
},
{
"name": "20497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20497"
},
{
"name": "20060606 Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
},
{
"name": "ADV-2006-2181",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2181"
},
{
"name": "SUSE-SR:2006:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
},
{
"name": "20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2898",
"datePublished": "2006-06-07T10:00:00",
"dateReserved": "2006-06-07T00:00:00",
"dateUpdated": "2024-08-07T18:06:27.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3727 (GCVE-0-2009-3727)
Vulnerability from cvelistv5
Published
2009-11-10 18:00
Modified
2024-08-07 06:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37265"
},
{
"name": "FEDORA-2009-11126",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
},
{
"name": "37479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37479"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36924"
},
{
"name": "FEDORA-2009-11070",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
},
{
"name": "59697",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/59697"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
},
{
"name": "1023133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "37265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37265"
},
{
"name": "FEDORA-2009-11126",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
},
{
"name": "37479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37479"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36924"
},
{
"name": "FEDORA-2009-11070",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
},
{
"name": "59697",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/59697"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
},
{
"name": "1023133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023133"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3727",
"datePublished": "2009-11-10T18:00:00",
"dateReserved": "2009-10-16T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3559 (GCVE-0-2005-3559)
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-07 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15336"
},
{
"name": "19872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19872"
},
{
"name": "asterisk-vmail-obtain-information(23002)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
},
{
"name": "20051107 Asterisk vmail.cgi vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
},
{
"name": "17459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17459"
},
{
"name": "ADV-2005-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2346"
},
{
"name": "DSA-1048",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"name": "1015164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015164"
},
{
"name": "20577",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/20577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15336"
},
{
"name": "19872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19872"
},
{
"name": "asterisk-vmail-obtain-information(23002)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
},
{
"name": "20051107 Asterisk vmail.cgi vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
},
{
"name": "17459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17459"
},
{
"name": "ADV-2005-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2346"
},
{
"name": "DSA-1048",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"name": "1015164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015164"
},
{
"name": "20577",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/20577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15336"
},
{
"name": "19872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19872"
},
{
"name": "asterisk-vmail-obtain-information(23002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
},
{
"name": "20051107 Asterisk vmail.cgi vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
},
{
"name": "http://www.assurance.com.au/advisories/200511-asterisk.txt",
"refsource": "MISC",
"url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
},
{
"name": "17459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17459"
},
{
"name": "ADV-2005-2346",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2346"
},
{
"name": "DSA-1048",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"name": "1015164",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015164"
},
{
"name": "20577",
"refsource": "OSVDB",
"url": "http://osvdb.org/20577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3559",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2232 (GCVE-0-2016-2232)
Vulnerability from cvelistv5
Published
2016-02-22 15:05
Modified
2024-08-05 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"name": "1034931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034931"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"name": "1034931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034931"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"name": "1034931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034931"
},
{
"name": "DSA-3700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2232",
"datePublished": "2016-02-22T15:05:00",
"dateReserved": "2016-02-07T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0495 (GCVE-0-2011-0495)
Vulnerability from cvelistv5
Published
2011-01-20 18:00
Modified
2024-08-06 21:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:24.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0159",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2011-0159",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0159",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"refsource": "OSVDB",
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0495",
"datePublished": "2011-01-20T18:00:00",
"dateReserved": "2011-01-19T00:00:00",
"dateUpdated": "2024-08-06T21:58:24.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1306 (GCVE-0-2007-1306)
Vulnerability from cvelistv5
Published
2007-03-07 00:00
Modified
2024-08-07 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0830",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0830"
},
{
"name": "22838",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22838"
},
{
"name": "33888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/33888"
},
{
"name": "24578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24578"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://asterisk.org/node/48319"
},
{
"name": "SUSE-SA:2007:034",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://asterisk.org/node/48320"
},
{
"name": "24380",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24380"
},
{
"name": "asterisk-sip-channeldriver-dos(32830)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
},
{
"name": "GLSA-200703-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
},
{
"name": "25582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25582"
},
{
"name": "1017723",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017723"
},
{
"name": "VU#228032",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/228032"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-0830",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0830"
},
{
"name": "22838",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22838"
},
{
"name": "33888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/33888"
},
{
"name": "24578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24578"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://asterisk.org/node/48319"
},
{
"name": "SUSE-SA:2007:034",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://asterisk.org/node/48320"
},
{
"name": "24380",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24380"
},
{
"name": "asterisk-sip-channeldriver-dos(32830)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
},
{
"name": "GLSA-200703-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
},
{
"name": "25582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25582"
},
{
"name": "1017723",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017723"
},
{
"name": "VU#228032",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/228032"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0830",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0830"
},
{
"name": "22838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22838"
},
{
"name": "33888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33888"
},
{
"name": "24578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24578"
},
{
"name": "http://asterisk.org/node/48319",
"refsource": "CONFIRM",
"url": "http://asterisk.org/node/48319"
},
{
"name": "SUSE-SA:2007:034",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200703-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
},
{
"name": "http://asterisk.org/node/48320",
"refsource": "CONFIRM",
"url": "http://asterisk.org/node/48320"
},
{
"name": "24380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24380"
},
{
"name": "asterisk-sip-channeldriver-dos(32830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
},
{
"name": "GLSA-200703-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
},
{
"name": "25582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25582"
},
{
"name": "1017723",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017723"
},
{
"name": "VU#228032",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228032"
},
{
"name": "DSA-1358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1358"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1306",
"datePublished": "2007-03-07T00:00:00",
"dateReserved": "2007-03-06T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0761 (GCVE-0-2003-0761)
Vulnerability from cvelistv5
Published
2003-09-12 04:00
Modified
2024-09-17 03:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "A090403-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-09-12T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "A090403-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "A090403-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0761",
"datePublished": "2003-09-12T04:00:00Z",
"dateReserved": "2003-09-05T00:00:00Z",
"dateUpdated": "2024-09-17T03:23:08.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0779 (GCVE-0-2003-0779)
Vulnerability from cvelistv5
Published
2003-09-12 04:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "A091103-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-05-05T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "A091103-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "A091103-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0779",
"datePublished": "2003-09-12T04:00:00",
"dateReserved": "2003-09-11T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4055 (GCVE-0-2009-4055)
Vulnerability from cvelistv5
Published
2009-12-02 11:00
Modified
2024-08-07 06:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37153"
},
{
"name": "20091130 AST-2009-010: RTP Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "1023249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023249"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "asterisk-rtp-comfortnoise-dos(54471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
},
{
"name": "37530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37530"
},
{
"name": "FEDORA-2009-12461",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/view.php?id=16242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
},
{
"name": "37708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37708"
},
{
"name": "60569",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60569"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
},
{
"name": "ADV-2009-3368",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37153"
},
{
"name": "20091130 AST-2009-010: RTP Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "1023249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023249"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "asterisk-rtp-comfortnoise-dos(54471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
},
{
"name": "37530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37530"
},
{
"name": "FEDORA-2009-12461",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/view.php?id=16242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
},
{
"name": "37708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37708"
},
{
"name": "60569",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60569"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
},
{
"name": "ADV-2009-3368",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37153"
},
{
"name": "20091130 AST-2009-010: RTP Remote Crash Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
},
{
"name": "37677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37677"
},
{
"name": "1023249",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023249"
},
{
"name": "DSA-1952",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "asterisk-rtp-comfortnoise-dos(54471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
},
{
"name": "37530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37530"
},
{
"name": "FEDORA-2009-12461",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
},
{
"name": "https://issues.asterisk.org/view.php?id=16242",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/view.php?id=16242"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
},
{
"name": "37708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37708"
},
{
"name": "60569",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60569"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
},
{
"name": "ADV-2009-3368",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3368"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4055",
"datePublished": "2009-12-02T11:00:00",
"dateReserved": "2009-11-23T00:00:00",
"dateUpdated": "2024-08-07T06:45:51.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26499 (GCVE-0-2022-26499)
Vulnerability from cvelistv5
Published
2022-04-15 00:00
Modified
2024-08-03 05:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26499",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5642 (GCVE-0-2013-5642)
Vulnerability from cvelistv5
Published
2013-09-09 17:00
Modified
2024-08-06 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96690",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96690"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"name": "54617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
},
{
"name": "1028957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028957"
},
{
"name": "62022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62022"
},
{
"name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"name": "MDVSA-2013:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-12T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96690",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96690"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"name": "54617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
},
{
"name": "1028957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028957"
},
{
"name": "62022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62022"
},
{
"name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"name": "MDVSA-2013:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96690",
"refsource": "OSVDB",
"url": "http://osvdb.org/96690"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"name": "54617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-22007",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
},
{
"name": "1028957",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028957"
},
{
"name": "62022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62022"
},
{
"name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"name": "MDVSA-2013:223",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5642",
"datePublished": "2013-09-09T17:00:00",
"dateReserved": "2013-08-28T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3553 (GCVE-0-2012-3553)
Vulnerability from cvelistv5
Published
2012-06-19 20:00
Modified
2024-09-17 04:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-19T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-009.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3553",
"datePublished": "2012-06-19T20:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-09-17T04:25:46.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26717 (GCVE-0-2021-26717)
Vulnerability from cvelistv5
Published
2021-02-18 19:39
Modified
2024-08-03 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-002.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29203",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
},
{
"name": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26717",
"datePublished": "2021-02-18T19:39:46",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:40.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49294 (GCVE-0-2023-49294)
Vulnerability from cvelistv5
Published
2023-12-14 19:40
Modified
2025-02-13 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:21.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-8857-hfmw-vg8f",
"discovery": "UNKNOWN"
},
"title": "Asterisk Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49294",
"datePublished": "2023-12-14T19:40:46.157Z",
"dateReserved": "2023-11-24T16:45:24.314Z",
"dateUpdated": "2025-02-13T17:18:40.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5445 (GCVE-0-2006-5445)
Vulnerability from cvelistv5
Published
2006-10-23 17:00
Modified
2024-08-07 19:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4098",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"name": "GLSA-200610-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "20835",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20835"
},
{
"name": "SUSE-SA:2006:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"name": "asterisk-channeldriver-dos(29664)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
},
{
"name": "22651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22651"
},
{
"name": "OpenPKG-SA-2006.024",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/110"
},
{
"name": "22979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/109"
},
{
"name": "29973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of \"a real pvt structure\" that uses more resources than necessary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4098",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"name": "GLSA-200610-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "20835",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20835"
},
{
"name": "SUSE-SA:2006:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"name": "asterisk-channeldriver-dos(29664)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
},
{
"name": "22651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22651"
},
{
"name": "OpenPKG-SA-2006.024",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/110"
},
{
"name": "22979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/109"
},
{
"name": "29973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of \"a real pvt structure\" that uses more resources than necessary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4098"
},
{
"name": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"name": "GLSA-200610-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "20835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20835"
},
{
"name": "SUSE-SA:2006:069",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"name": "asterisk-channeldriver-dos(29664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
},
{
"name": "22651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22651"
},
{
"name": "OpenPKG-SA-2006.024",
"refsource": "OPENPKG",
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"name": "http://www.asterisk.org/node/110",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/110"
},
{
"name": "22979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22979"
},
{
"name": "http://www.asterisk.org/node/109",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/109"
},
{
"name": "29973",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5445",
"datePublished": "2006-10-23T17:00:00",
"dateReserved": "2006-10-23T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14603 (GCVE-0-2017-14603)
Vulnerability from cvelistv5
Published
2017-10-09 14:00
Modified
2024-08-05 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"name": "DSA-3990",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"name": "DSA-3990",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"name": "DSA-3990",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27274",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14603",
"datePublished": "2017-10-09T14:00:00",
"dateReserved": "2017-09-19T00:00:00",
"dateUpdated": "2024-08-05T19:34:39.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2289 (GCVE-0-2014-2289)
Vulnerability from cvelistv5
Published
2014-04-18 19:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-18T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-23139",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
},
{
"name": "FEDORA-2014-3762",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2289",
"datePublished": "2014-04-18T19:00:00",
"dateReserved": "2014-03-05T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17850 (GCVE-0-2017-17850)
Vulnerability from cvelistv5
Published
2017-12-23 00:00
Modified
2024-08-05 21:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"name": "1040056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040056"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"name": "1040056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040056"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27480",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"name": "1040056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040056"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-014.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17850",
"datePublished": "2017-12-23T00:00:00",
"dateReserved": "2017-12-22T00:00:00",
"dateUpdated": "2024-08-05T21:06:49.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7100 (GCVE-0-2013-7100)
Vulnerability from cvelistv5
Published
2013-12-19 22:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2013:300",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"name": "20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
},
{
"name": "56294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56294"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"name": "1029499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029499"
},
{
"name": "101100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101100"
},
{
"name": "DSA-2835",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"name": "64364",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64364"
},
{
"name": "asterisk-sms-message-dos(89825)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2013:300",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"name": "20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
},
{
"name": "56294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56294"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"name": "1029499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029499"
},
{
"name": "101100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101100"
},
{
"name": "DSA-2835",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"name": "64364",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64364"
},
{
"name": "asterisk-sms-message-dos(89825)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2013:300",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"name": "20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-22590",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
},
{
"name": "56294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56294"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"name": "1029499",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029499"
},
{
"name": "101100",
"refsource": "OSVDB",
"url": "http://osvdb.org/101100"
},
{
"name": "DSA-2835",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"name": "64364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64364"
},
{
"name": "asterisk-sms-message-dos(89825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7100",
"datePublished": "2013-12-19T22:00:00",
"dateReserved": "2013-12-13T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35652 (GCVE-0-2020-35652)
Vulnerability from cvelistv5
Published
2021-01-29 07:22
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T07:24:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29219",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29191",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2020-004.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2020-003.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35652",
"datePublished": "2021-01-29T07:22:40",
"dateReserved": "2020-12-23T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2651 (GCVE-0-2009-2651)
Vulnerability from cvelistv5
Published
2009-07-30 19:08
Modified
2024-08-07 05:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022608",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022608"
},
{
"name": "56571",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/56571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
},
{
"name": "asterisk-rtp-dos(52046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
},
{
"name": "35837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35837"
},
{
"name": "36039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36039"
},
{
"name": "ADV-2009-2067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1022608",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022608"
},
{
"name": "56571",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/56571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
},
{
"name": "asterisk-rtp-dos(52046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
},
{
"name": "35837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35837"
},
{
"name": "36039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36039"
},
{
"name": "ADV-2009-2067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022608"
},
{
"name": "56571",
"refsource": "OSVDB",
"url": "http://osvdb.org/56571"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt",
"refsource": "MISC",
"url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
},
{
"name": "asterisk-rtp-dos(52046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
},
{
"name": "35837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35837"
},
{
"name": "36039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36039"
},
{
"name": "ADV-2009-2067",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2651",
"datePublished": "2009-07-30T19:08:00",
"dateReserved": "2009-07-30T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4598 (GCVE-0-2011-4598)
Vulnerability from cvelistv5
Published
2011-12-15 02:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20111209 Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/12/09/4"
},
{
"name": "[oss-security] 20111209 CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/12/09/3"
},
{
"name": "47273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47273"
},
{
"name": "77598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/77598"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-014.html"
},
{
"name": "DSA-2367",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-01T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20111209 Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/12/09/4"
},
{
"name": "[oss-security] 20111209 CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/12/09/3"
},
{
"name": "47273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47273"
},
{
"name": "77598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/77598"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-014.html"
},
{
"name": "DSA-2367",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2367"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4598",
"datePublished": "2011-12-15T02:00:00",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35776 (GCVE-0-2020-35776)
Vulnerability from cvelistv5
Published
2021-02-18 19:57
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/"
},
{
"name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/57"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/"
},
{
"name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/57"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/",
"refsource": "MISC",
"url": "https://issues.asterisk.org/"
},
{
"name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/57"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-001.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29227",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
},
{
"name": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35776",
"datePublished": "2021-02-18T19:57:57",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32558 (GCVE-0-2021-32558)
Vulnerability from cvelistv5
Published
2021-07-27 05:19
Modified
2024-08-03 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T10:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32558",
"datePublished": "2021-07-27T05:19:34",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26498 (GCVE-0-2022-26498)
Vulnerability from cvelistv5
Published
2022-04-15 00:00
Modified
2024-08-03 05:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26498",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4597 (GCVE-0-2011-4597)
Vulnerability from cvelistv5
Published
2011-12-15 02:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77597",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/77597"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-013.html"
},
{
"name": "[oss-security] 20111209 Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/12/09/4"
},
{
"name": "[oss-security] 20111209 CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/12/09/3"
},
{
"name": "47273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47273"
},
{
"name": "20111222 Exploit for Asterisk Security Advisory AST-2011-013",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html"
},
{
"name": "DSA-2367",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2367"
},
{
"name": "[asterisk-dev] 20111108 Summary: SIP, NAT, security concerns, oh my!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-01T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "77597",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/77597"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-013.html"
},
{
"name": "[oss-security] 20111209 Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/12/09/4"
},
{
"name": "[oss-security] 20111209 CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/12/09/3"
},
{
"name": "47273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47273"
},
{
"name": "20111222 Exploit for Asterisk Security Advisory AST-2011-013",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html"
},
{
"name": "DSA-2367",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2367"
},
{
"name": "[asterisk-dev] 20111108 Summary: SIP, NAT, security concerns, oh my!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4597",
"datePublished": "2011-12-15T02:00:00",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2529 (GCVE-0-2011-2529)
Vulnerability from cvelistv5
Published
2011-07-06 19:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:22.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-sipsockread-dos(68203)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
},
{
"name": "73307",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73307"
},
{
"name": "48431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48431"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
},
{
"name": "45239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45239"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
},
{
"name": "DSA-2276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"name": "FEDORA-2011-8914",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"name": "45048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45048"
},
{
"name": "1025706",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025706"
},
{
"name": "45201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45201"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle \u0027\\0\u0027 characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-sipsockread-dos(68203)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
},
{
"name": "73307",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73307"
},
{
"name": "48431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48431"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
},
{
"name": "45239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45239"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
},
{
"name": "DSA-2276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"name": "FEDORA-2011-8914",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"name": "45048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45048"
},
{
"name": "1025706",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025706"
},
{
"name": "45201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45201"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle \u0027\\0\u0027 characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-sipsockread-dos(68203)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
},
{
"name": "73307",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73307"
},
{
"name": "48431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48431"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
},
{
"name": "45239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45239"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
},
{
"name": "DSA-2276",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"name": "FEDORA-2011-8914",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"name": "45048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45048"
},
{
"name": "1025706",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025706"
},
{
"name": "45201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45201"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2529",
"datePublished": "2011-07-06T19:00:00",
"dateReserved": "2011-06-16T00:00:00",
"dateUpdated": "2024-08-06T23:08:22.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14099 (GCVE-0-2017-14099)
Vulnerability from cvelistv5
Published
2017-09-02 16:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"name": "DSA-3964",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"name": "1039251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039251"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/873907"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rtpbleed.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"name": "DSA-3964",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"name": "1039251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039251"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/873907"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rtpbleed.com"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"name": "DSA-3964",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"name": "1039251",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039251"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"name": "https://bugs.debian.org/873907",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/873907"
},
{
"name": "https://rtpbleed.com",
"refsource": "MISC",
"url": "https://rtpbleed.com"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14099",
"datePublished": "2017-09-02T16:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8414 (GCVE-0-2014-8414)
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:47.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-014.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8414",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:47.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2665 (GCVE-0-2011-2665)
Vulnerability from cvelistv5
Published
2011-07-06 19:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
},
{
"name": "45239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45239"
},
{
"name": "DSA-2276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"name": "FEDORA-2011-8914",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
},
{
"name": "45048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45048"
},
{
"name": "45201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45201"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a \u003c (less than) character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
},
{
"name": "45239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45239"
},
{
"name": "DSA-2276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"name": "FEDORA-2011-8914",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
},
{
"name": "45048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45048"
},
{
"name": "45201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45201"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a \u003c (less than) character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-009.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
},
{
"name": "45239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45239"
},
{
"name": "DSA-2276",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"name": "FEDORA-2011-8914",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
},
{
"name": "45048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45048"
},
{
"name": "45201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45201"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2665",
"datePublished": "2011-07-06T19:00:00",
"dateReserved": "2011-07-06T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5641 (GCVE-0-2013-5641)
Vulnerability from cvelistv5
Published
2013-09-09 17:00
Modified
2024-08-06 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96691"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"name": "54617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"name": "62021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62021"
},
{
"name": "1028956",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
},
{
"name": "MDVSA-2013:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-12T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96691"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"name": "54617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"name": "62021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62021"
},
{
"name": "1028956",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
},
{
"name": "MDVSA-2013:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96691",
"refsource": "OSVDB",
"url": "http://osvdb.org/96691"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"name": "54617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"name": "62021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62021"
},
{
"name": "1028956",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028956"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-21064",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
},
{
"name": "MDVSA-2013:223",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5641",
"datePublished": "2013-09-09T17:00:00",
"dateReserved": "2013-08-28T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4046 (GCVE-0-2014-4046)
Vulnerability from cvelistv5
Published
2014-06-17 14:00
Modified
2024-08-06 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:27.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4046",
"datePublished": "2014-06-17T14:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:27.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1507 (GCVE-0-2011-1507)
Vulnerability from cvelistv5
Published
2011-04-27 00:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-1188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1188"
},
{
"name": "FEDORA-2011-5835",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "1025432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025432"
},
{
"name": "ADV-2011-1086",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"name": "ADV-2011-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"name": "44529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44529"
},
{
"name": "FEDORA-2011-6208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
},
{
"name": "44197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2011-1188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1188"
},
{
"name": "FEDORA-2011-5835",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "1025432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025432"
},
{
"name": "ADV-2011-1086",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"name": "ADV-2011-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"name": "44529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44529"
},
{
"name": "FEDORA-2011-6208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
},
{
"name": "44197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44197"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-1188",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1188"
},
{
"name": "FEDORA-2011-5835",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"name": "DSA-2225",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "1025432",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025432"
},
{
"name": "ADV-2011-1086",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"name": "ADV-2011-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"name": "44529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44529"
},
{
"name": "FEDORA-2011-6208",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2011-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=698916",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
},
{
"name": "44197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44197"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1507",
"datePublished": "2011-04-27T00:00:00",
"dateReserved": "2011-03-23T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16671 (GCVE-0-2017-16671)
Vulnerability from cvelistv5
Published
2017-11-09 00:00
Modified
2024-08-05 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101760",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101760",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101760"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2017-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27337",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16671",
"datePublished": "2017-11-09T00:00:00",
"dateReserved": "2017-11-08T00:00:00",
"dateUpdated": "2024-08-05T20:35:19.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18790 (GCVE-0-2019-18790)
Vulnerability from cvelistv5
Published
2019-11-22 16:22
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:38.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asterisk.org/downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2019-006.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18790",
"datePublished": "2019-11-22T16:22:55",
"dateReserved": "2019-11-06T00:00:00",
"dateUpdated": "2024-08-05T02:02:38.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2726 (GCVE-0-2009-2726)
Vulnerability from cvelistv5
Published
2009-08-12 10:00
Modified
2024-08-07 05:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:57.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"name": "ADV-2009-2229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"name": "36015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36015"
},
{
"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"name": "1022705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022705"
},
{
"name": "36227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"name": "ADV-2009-2229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"name": "36015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36015"
},
{
"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"name": "1022705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022705"
},
{
"name": "36227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://labs.mudynamics.com/advisories/MU-200908-01.txt",
"refsource": "MISC",
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"name": "ADV-2009-2229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"name": "36015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36015"
},
{
"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"name": "1022705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022705"
},
{
"name": "36227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2726",
"datePublished": "2009-08-12T10:00:00",
"dateReserved": "2009-08-10T00:00:00",
"dateUpdated": "2024-08-07T05:59:57.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6170 (GCVE-0-2007-6170)
Vulnerability from cvelistv5
Published
2007-11-30 01:00
Modified
2024-08-07 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:26.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29242"
},
{
"name": "27892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27892"
},
{
"name": "20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "1019020",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019020"
},
{
"name": "26647",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26647"
},
{
"name": "DSA-1417",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1417"
},
{
"name": "27827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27827"
},
{
"name": "asterisk-cdrpqsql-sql-injection(38765)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
},
{
"name": "ADV-2007-4056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29242"
},
{
"name": "27892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27892"
},
{
"name": "20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "1019020",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019020"
},
{
"name": "26647",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26647"
},
{
"name": "DSA-1417",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1417"
},
{
"name": "27827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27827"
},
{
"name": "asterisk-cdrpqsql-sql-injection(38765)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
},
{
"name": "ADV-2007-4056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "29242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29242"
},
{
"name": "27892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27892"
},
{
"name": "20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2007-026.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
},
{
"name": "SUSE-SR:2008:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "1019020",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019020"
},
{
"name": "26647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26647"
},
{
"name": "DSA-1417",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1417"
},
{
"name": "27827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27827"
},
{
"name": "asterisk-cdrpqsql-sql-injection(38765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
},
{
"name": "ADV-2007-4056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6170",
"datePublished": "2007-11-30T01:00:00",
"dateReserved": "2007-11-29T00:00:00",
"dateUpdated": "2024-08-07T15:54:26.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1827 (GCVE-0-2006-1827)
Vulnerability from cvelistv5
Published
2006-04-18 20:00
Modified
2024-08-07 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19872"
},
{
"name": "ADV-2006-1478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1478"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
},
{
"name": "DSA-1048",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"name": "17561",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17561"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
},
{
"name": "19800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19800"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-28T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19872"
},
{
"name": "ADV-2006-1478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1478"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
},
{
"name": "DSA-1048",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"name": "17561",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17561"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
},
{
"name": "19800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19800"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19872"
},
{
"name": "ADV-2006-1478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1478"
},
{
"name": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory",
"refsource": "MISC",
"url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
},
{
"name": "DSA-1048",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"name": "17561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17561"
},
{
"name": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
},
{
"name": "19800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19800"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1827",
"datePublished": "2006-04-18T20:00:00",
"dateReserved": "2006-04-18T00:00:00",
"dateUpdated": "2024-08-07T17:27:29.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1599 (GCVE-0-2011-1599)
Vulnerability from cvelistv5
Published
2011-04-27 00:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-1188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1188"
},
{
"name": "FEDORA-2011-5835",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "[oss-security] 20110422 Re: CVE Request -- Asterisk Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/22/6"
},
{
"name": "47537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47537"
},
{
"name": "ADV-2011-1086",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"name": "1025433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025433"
},
{
"name": "ADV-2011-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"name": "44529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44529"
},
{
"name": "FEDORA-2011-6208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-006.html"
},
{
"name": "44197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2011-1188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1188"
},
{
"name": "FEDORA-2011-5835",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "[oss-security] 20110422 Re: CVE Request -- Asterisk Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/22/6"
},
{
"name": "47537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47537"
},
{
"name": "ADV-2011-1086",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"name": "1025433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025433"
},
{
"name": "ADV-2011-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"name": "44529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44529"
},
{
"name": "FEDORA-2011-6208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-006.html"
},
{
"name": "44197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44197"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1599",
"datePublished": "2011-04-27T00:00:00",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4346 (GCVE-0-2006-4346)
Vulnerability from cvelistv5
Published
2006-08-24 20:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-record-code-execution(28544)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
},
{
"name": "ADV-2006-3372",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"name": "GLSA-200610-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "asterisk-record-directory-traversal(28564)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"name": "22651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22651"
},
{
"name": "19683",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19683"
},
{
"name": "1016742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016742"
},
{
"name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sineapps.com/news.php?rssid=1448"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-record-code-execution(28544)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
},
{
"name": "ADV-2006-3372",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"name": "GLSA-200610-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "asterisk-record-directory-traversal(28564)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"name": "22651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22651"
},
{
"name": "19683",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19683"
},
{
"name": "1016742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016742"
},
{
"name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sineapps.com/news.php?rssid=1448"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-record-code-execution(28544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
},
{
"name": "ADV-2006-3372",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"name": "GLSA-200610-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "asterisk-record-directory-traversal(28564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200608-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"name": "22651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22651"
},
{
"name": "19683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19683"
},
{
"name": "1016742",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016742"
},
{
"name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"name": "http://www.sineapps.com/news.php?rssid=1448",
"refsource": "CONFIRM",
"url": "http://www.sineapps.com/news.php?rssid=1448"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4346",
"datePublished": "2006-08-24T20:00:00",
"dateReserved": "2006-08-24T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2316 (GCVE-0-2016-2316)
Vulnerability from cvelistv5
Published
2016-02-22 15:05
Modified
2024-08-05 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "82651",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/82651"
},
{
"name": "1034930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034930"
},
{
"name": "FEDORA-2016-3cc13611f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"name": "FEDORA-2016-153eed2bb8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "82651",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/82651"
},
{
"name": "1034930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034930"
},
{
"name": "FEDORA-2016-3cc13611f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"name": "FEDORA-2016-153eed2bb8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "82651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82651"
},
{
"name": "1034930",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034930"
},
{
"name": "FEDORA-2016-3cc13611f4",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"name": "FEDORA-2016-153eed2bb8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"name": "DSA-3700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2316",
"datePublished": "2016-02-22T15:05:00",
"dateReserved": "2016-02-11T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12227 (GCVE-0-2018-12227)
Vulnerability from cvelistv5
Published
2018-06-12 04:00
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"name": "104455",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104455"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"name": "104455",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104455"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4320",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27818",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"name": "104455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104455"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12227",
"datePublished": "2018-06-12T04:00:00",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7251 (GCVE-0-2019-7251)
Vulnerability from cvelistv5
Published
2019-03-28 16:18
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T16:18:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-28260",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2019-001.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7251",
"datePublished": "2019-03-28T16:18:45",
"dateReserved": "2019-01-31T00:00:00",
"dateUpdated": "2024-08-04T20:46:45.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9937 (GCVE-0-2016-9937)
Vulnerability from cvelistv5
Published
2016-12-12 21:00
Modified
2024-08-06 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94792",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94792"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
},
{
"name": "1037407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94792",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94792"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
},
{
"name": "1037407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94792"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-26579",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
},
{
"name": "1037407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9937",
"datePublished": "2016-12-12T21:00:00",
"dateReserved": "2016-12-12T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0685 (GCVE-0-2010-0685)
Vulnerability from cvelistv5
Published
2010-02-23 20:00
Modified
2024-08-07 00:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"name": "39096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39096"
},
{
"name": "1023637",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023637"
},
{
"name": "FEDORA-2010-3724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"name": "38641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38641"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"name": "ADV-2010-0439",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"name": "asterisk-dial-weak-security(56397)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"name": "39096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39096"
},
{
"name": "1023637",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023637"
},
{
"name": "FEDORA-2010-3724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"name": "38641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38641"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"name": "ADV-2010-0439",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"name": "asterisk-dial-weak-security(56397)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt",
"refsource": "MISC",
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"name": "39096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39096"
},
{
"name": "1023637",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023637"
},
{
"name": "FEDORA-2010-3724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"name": "38641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38641"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2010-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"name": "ADV-2010-0439",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"name": "asterisk-dial-weak-security(56397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0685",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-02-22T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2666 (GCVE-0-2011-2666)
Vulnerability from cvelistv5
Published
2011-07-06 19:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-sip-channel-info-disclosure(68472)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-sip-channel-info-disclosure(68472)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-sip-channel-info-disclosure(68472)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2666",
"datePublished": "2011-07-06T19:00:00",
"dateReserved": "2011-07-06T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26713 (GCVE-0-2021-26713)
Vulnerability from cvelistv5
Published
2021-02-19 19:30
Modified
2024-08-03 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T19:30:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-004.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29205",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26713",
"datePublished": "2021-02-19T19:30:30",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:40.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2216 (GCVE-0-2011-2216)
Vulnerability from cvelistv5
Published
2011-06-06 19:00
Modified
2024-08-06 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110602 AST-2011-007",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
},
{
"name": "44828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44828"
},
{
"name": "FEDORA-2011-8983",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
},
{
"name": "FEDORA-2011-8319",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
},
{
"name": "1025598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025598"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
},
{
"name": "72752",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/72752"
},
{
"name": "48096",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48096"
},
{
"name": "asterisk-parseurifull-dos(67812)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110602 AST-2011-007",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
},
{
"name": "44828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44828"
},
{
"name": "FEDORA-2011-8983",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
},
{
"name": "FEDORA-2011-8319",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
},
{
"name": "1025598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025598"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
},
{
"name": "72752",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/72752"
},
{
"name": "48096",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48096"
},
{
"name": "asterisk-parseurifull-dos(67812)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110602 AST-2011-007",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
},
{
"name": "44828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44828"
},
{
"name": "FEDORA-2011-8983",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
},
{
"name": "FEDORA-2011-8319",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
},
{
"name": "1025598",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025598"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2011-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
},
{
"name": "72752",
"refsource": "OSVDB",
"url": "http://osvdb.org/72752"
},
{
"name": "48096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48096"
},
{
"name": "asterisk-parseurifull-dos(67812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2216",
"datePublished": "2011-06-06T19:00:00",
"dateReserved": "2011-05-31T00:00:00",
"dateUpdated": "2024-08-06T22:53:17.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1224 (GCVE-0-2010-1224)
Vulnerability from cvelistv5
Published
2010-04-01 21:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100225 AST-2010-003: Invalid parsing of ACL rules can compromise security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
},
{
"name": "39096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39096"
},
{
"name": "FEDORA-2010-3724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
},
{
"name": "ADV-2010-0475",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0475"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
},
{
"name": "62588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62588"
},
{
"name": "asterisk-cidr-security-bypass(56552)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
},
{
"name": "38424",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38424"
},
{
"name": "38752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100225 AST-2010-003: Invalid parsing of ACL rules can compromise security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
},
{
"name": "39096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39096"
},
{
"name": "FEDORA-2010-3724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
},
{
"name": "ADV-2010-0475",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0475"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
},
{
"name": "62588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62588"
},
{
"name": "asterisk-cidr-security-bypass(56552)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
},
{
"name": "38424",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38424"
},
{
"name": "38752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100225 AST-2010-003: Invalid parsing of ACL rules can compromise security",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2010-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
},
{
"name": "39096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39096"
},
{
"name": "FEDORA-2010-3724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
},
{
"name": "ADV-2010-0475",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0475"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
},
{
"name": "62588",
"refsource": "OSVDB",
"url": "http://osvdb.org/62588"
},
{
"name": "asterisk-cidr-security-bypass(56552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
},
{
"name": "38424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38424"
},
{
"name": "38752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1224",
"datePublished": "2010-04-01T21:00:00",
"dateReserved": "2010-04-01T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3008 (GCVE-0-2015-3008)
Vulnerability from cvelistv5
Published
2015-04-10 14:00
Modified
2024-08-06 05:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:21.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"name": "74022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74022"
},
{
"name": "MDVSA-2015:206",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"name": "1032052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"name": "FEDORA-2015-5948",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"name": "74022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74022"
},
{
"name": "MDVSA-2015:206",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"name": "1032052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"name": "FEDORA-2015-5948",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"name": "74022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74022"
},
{
"name": "MDVSA-2015:206",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0153.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"name": "1032052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032052"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2015-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"name": "DSA-3700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"name": "FEDORA-2015-5948",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3008",
"datePublished": "2015-04-10T14:00:00",
"dateReserved": "2015-04-08T00:00:00",
"dateUpdated": "2024-08-06T05:32:21.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6609 (GCVE-0-2014-6609)
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 12:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:24:34.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-26T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-009.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6609",
"datePublished": "2014-11-26T15:00:00",
"dateReserved": "2014-09-18T00:00:00",
"dateUpdated": "2024-08-06T12:24:34.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19278 (GCVE-0-2018-19278)
Vulnerability from cvelistv5
Published
2018-11-14 20:00
Modified
2024-09-16 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/AST-2018-010.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-28127",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19278",
"datePublished": "2018-11-14T20:00:00Z",
"dateReserved": "2018-11-14T00:00:00Z",
"dateUpdated": "2024-09-16T17:39:00.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4047 (GCVE-0-2014-4047)
Vulnerability from cvelistv5
Published
2014-06-17 14:00
Modified
2024-08-06 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4047",
"datePublished": "2014-06-17T14:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:28.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4045 (GCVE-0-2014-4045)
Vulnerability from cvelistv5
Published
2014-06-17 14:00
Modified
2024-08-06 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140612 AST-2014-005: Remote Crash in PJSIP Channel Driver\u0027s Publish/Subscribe Framework",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140612 AST-2014-005: Remote Crash in PJSIP Channel Driver\u0027s Publish/Subscribe Framework",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140612 AST-2014-005: Remote Crash in PJSIP Channel Driver\u0027s Publish/Subscribe Framework",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4045",
"datePublished": "2014-06-17T14:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:28.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5358 (GCVE-0-2007-5358)
Vulnerability from cvelistv5
Published
2007-10-12 23:00
Modified
2024-08-07 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:57.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
},
{
"name": "38201",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38201"
},
{
"name": "asterisk-contentheader-bo(37052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
},
{
"name": "38202",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38202"
},
{
"name": "27184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27184"
},
{
"name": "1018804",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018804"
},
{
"name": "26005",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26005"
},
{
"name": "asterisk-sprintf-bo(37051)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
},
{
"name": "20071010 AST-2007-022: Buffer overflows in voicemail when using IMAP storage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
},
{
"name": "ADV-2007-3454",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3454"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
},
{
"name": "38201",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38201"
},
{
"name": "asterisk-contentheader-bo(37052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
},
{
"name": "38202",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38202"
},
{
"name": "27184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27184"
},
{
"name": "1018804",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018804"
},
{
"name": "26005",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26005"
},
{
"name": "asterisk-sprintf-bo(37051)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
},
{
"name": "20071010 AST-2007-022: Buffer overflows in voicemail when using IMAP storage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
},
{
"name": "ADV-2007-3454",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3454"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.digium.com/pub/security/AST-2007-022.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
},
{
"name": "38201",
"refsource": "OSVDB",
"url": "http://osvdb.org/38201"
},
{
"name": "asterisk-contentheader-bo(37052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
},
{
"name": "38202",
"refsource": "OSVDB",
"url": "http://osvdb.org/38202"
},
{
"name": "27184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27184"
},
{
"name": "1018804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018804"
},
{
"name": "26005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26005"
},
{
"name": "asterisk-sprintf-bo(37051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
},
{
"name": "20071010 AST-2007-022: Buffer overflows in voicemail when using IMAP storage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
},
{
"name": "ADV-2007-3454",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3454"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5358",
"datePublished": "2007-10-12T23:00:00",
"dateReserved": "2007-10-10T00:00:00",
"dateUpdated": "2024-08-07T15:31:57.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1183 (GCVE-0-2012-1183)
Vulnerability from cvelistv5
Published
2012-09-18 18:00
Modified
2024-08-06 18:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:35.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf"
},
{
"name": "20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html"
},
{
"name": "80125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80125"
},
{
"name": "52523",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52523"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/51797"
},
{
"name": "48417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48417"
},
{
"name": "asterisk-milliwattgenerate-dos(74082)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082"
},
{
"name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff"
},
{
"name": "1026812",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf"
},
{
"name": "20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html"
},
{
"name": "80125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80125"
},
{
"name": "52523",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52523"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/51797"
},
{
"name": "48417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48417"
},
{
"name": "asterisk-milliwattgenerate-dos(74082)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082"
},
{
"name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff"
},
{
"name": "1026812",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026812"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1183",
"datePublished": "2012-09-18T18:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:53:35.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1184 (GCVE-0-2012-1184)
Vulnerability from cvelistv5
Published
2012-09-18 18:00
Modified
2024-08-06 18:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:35.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-003.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/51797"
},
{
"name": "48417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48417"
},
{
"name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff"
},
{
"name": "80126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80126"
},
{
"name": "1026813",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026813"
},
{
"name": "asterisk-astparsedigest-bo(74083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-003.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/51797"
},
{
"name": "48417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48417"
},
{
"name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff"
},
{
"name": "80126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80126"
},
{
"name": "1026813",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026813"
},
{
"name": "asterisk-astparsedigest-bo(74083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74083"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1184",
"datePublished": "2012-09-18T18:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:53:35.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1174 (GCVE-0-2011-1174)
Vulnerability from cvelistv5
Published
2011-03-31 22:00
Modified
2024-08-06 22:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:33.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-3945",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "FEDORA-2011-3942",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
},
{
"name": "[oss-security] 20110317 CVE request for Asterisk flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"name": "46897",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46897"
},
{
"name": "asterisk-writes-dos(66139)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
},
{
"name": "FEDORA-2011-3958",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"name": "ADV-2011-0686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0686"
},
{
"name": "ADV-2011-0790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0790"
},
{
"name": "1025223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025223"
},
{
"name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/21/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-3945",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "FEDORA-2011-3942",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
},
{
"name": "[oss-security] 20110317 CVE request for Asterisk flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"name": "46897",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46897"
},
{
"name": "asterisk-writes-dos(66139)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
},
{
"name": "FEDORA-2011-3958",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"name": "ADV-2011-0686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0686"
},
{
"name": "ADV-2011-0790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0790"
},
{
"name": "1025223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025223"
},
{
"name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/21/12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1174",
"datePublished": "2011-03-31T22:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:21:33.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4048 (GCVE-0-2014-4048)
Vulnerability from cvelistv5
Published
2014-06-17 14:00
Modified
2024-08-06 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140612 AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140612 AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140612 AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4048",
"datePublished": "2014-06-17T14:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:28.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8418 (GCVE-0-2014-8418)
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:47.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-018.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8418",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:47.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9374 (GCVE-0-2014-9374)
Vulnerability from cvelistv5
Published
2014-12-12 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"name": "MDVSA-2015:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"name": "71607",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71607"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"name": "60251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60251"
},
{
"name": "1031345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"name": "MDVSA-2015:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"name": "71607",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71607"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"name": "60251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60251"
},
{
"name": "1031345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.mageia.org/MGASA-2015-0010.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-019.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"name": "MDVSA-2015:018",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"name": "71607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71607"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"name": "60251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60251"
},
{
"name": "1031345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9374",
"datePublished": "2014-12-12T15:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2081 (GCVE-0-2005-2081)
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-08-07 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050622 Portcullis Security Advisory 05-013 - VoIP - Asterisk Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
},
{
"name": "asterisk-manager-interface-bo(21115)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the \u0027write = command\u0027 option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050622 Portcullis Security Advisory 05-013 - VoIP - Asterisk Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
},
{
"name": "asterisk-manager-interface-bo(21115)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the \u0027write = command\u0027 option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050622 Portcullis Security Advisory 05-013 - VoIP - Asterisk Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
},
{
"name": "asterisk-manager-interface-bo(21115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
},
{
"name": "http://www.portcullis-security.com/advisory/advisory-05-013.txt",
"refsource": "MISC",
"url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2081",
"datePublished": "2005-06-30T04:00:00",
"dateReserved": "2005-06-30T00:00:00",
"dateUpdated": "2024-08-07T22:15:37.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4737 (GCVE-0-2012-4737)
Vulnerability from cvelistv5
Published
2012-08-31 14:00
Modified
2024-08-06 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "1027461",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027461"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "55335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "1027461",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027461"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "55335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-013.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "1027461",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027461"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "55335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4737",
"datePublished": "2012-08-31T14:00:00",
"dateReserved": "2012-08-30T00:00:00",
"dateUpdated": "2024-08-06T20:42:55.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7286 (GCVE-0-2018-7286)
Vulnerability from cvelistv5
Published
2018-02-22 00:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"name": "44181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44181/"
},
{
"name": "1040417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040417"
},
{
"name": "103129",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"name": "44181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44181/"
},
{
"name": "1040417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040417"
},
{
"name": "103129",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4320",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27618",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"name": "44181",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44181/"
},
{
"name": "1040417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040417"
},
{
"name": "103129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7286",
"datePublished": "2018-02-22T00:00:00",
"dateReserved": "2018-02-21T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4345 (GCVE-0-2006-4345)
Vulnerability from cvelistv5
Published
2006-08-24 20:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3372",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"name": "GLSA-200610-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"name": "22651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22651"
},
{
"name": "19683",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19683"
},
{
"name": "1016742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016742"
},
{
"name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
},
{
"name": "asterisk-mgcp-bo(28542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sineapps.com/news.php?rssid=1448"
},
{
"name": "21600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3372",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"name": "GLSA-200610-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"name": "22651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22651"
},
{
"name": "19683",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19683"
},
{
"name": "1016742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016742"
},
{
"name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
},
{
"name": "asterisk-mgcp-bo(28542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sineapps.com/news.php?rssid=1448"
},
{
"name": "21600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3372",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"name": "GLSA-200610-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200608-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"name": "22651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22651"
},
{
"name": "19683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19683"
},
{
"name": "1016742",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016742"
},
{
"name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"name": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
},
{
"name": "asterisk-mgcp-bo(28542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
},
{
"name": "http://www.sineapps.com/news.php?rssid=1448",
"refsource": "CONFIRM",
"url": "http://www.sineapps.com/news.php?rssid=1448"
},
{
"name": "21600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4345",
"datePublished": "2006-08-24T20:00:00",
"dateReserved": "2006-08-24T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5977 (GCVE-0-2012-5977)
Vulnerability from cvelistv5
Published
2013-01-04 15:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20175",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-015",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5977",
"datePublished": "2013-01-04T15:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15639 (GCVE-0-2019-15639)
Vulnerability from cvelistv5
Published
2019-09-09 12:50
Modified
2024-08-05 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-09T12:50:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2019-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15639",
"datePublished": "2019-09-09T12:50:30",
"dateReserved": "2019-08-26T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4103 (GCVE-0-2007-4103)
Vulnerability from cvelistv5
Published
2007-07-31 10:00
Modified
2024-08-07 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:38.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "1018472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018472"
},
{
"name": "ADV-2007-2701",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2701"
},
{
"name": "20070729 ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
},
{
"name": "2960",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
},
{
"name": "38197",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38197"
},
{
"name": "26274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "1018472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018472"
},
{
"name": "ADV-2007-2701",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2701"
},
{
"name": "20070729 ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
},
{
"name": "2960",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
},
{
"name": "38197",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38197"
},
{
"name": "26274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "GLSA-200802-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29051"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "1018472",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018472"
},
{
"name": "ADV-2007-2701",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2701"
},
{
"name": "20070729 ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
},
{
"name": "2960",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2960"
},
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
},
{
"name": "38197",
"refsource": "OSVDB",
"url": "http://osvdb.org/38197"
},
{
"name": "26274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4103",
"datePublished": "2007-07-31T10:00:00",
"dateReserved": "2007-07-30T00:00:00",
"dateUpdated": "2024-08-07T14:46:38.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9938 (GCVE-0-2016-9938)
Vulnerability from cvelistv5
Published
2016-12-12 21:00
Modified
2024-08-06 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"name": "94789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94789"
},
{
"name": "1037408",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"name": "94789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94789"
},
{
"name": "1037408",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-009.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"name": "94789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94789"
},
{
"name": "1037408",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9938",
"datePublished": "2016-12-12T21:00:00",
"dateReserved": "2016-12-12T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17664 (GCVE-0-2017-17664)
Vulnerability from cvelistv5
Published
2017-12-13 20:00
Modified
2024-08-05 20:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"name": "102201",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102201"
},
{
"name": "1040009",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040009"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-31T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"name": "102201",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102201"
},
{
"name": "1040009",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040009"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.digium.com/pub/security/AST-2017-012.html",
"refsource": "MISC",
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27429",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"name": "102201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102201"
},
{
"name": "1040009",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040009"
},
{
"name": "DSA-4076",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27382",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17664",
"datePublished": "2017-12-13T20:00:00",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-08-05T20:59:17.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0871 (GCVE-0-2009-0871)
Vulnerability from cvelistv5
Published
2009-03-11 14:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52568",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52568"
},
{
"name": "34070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34070"
},
{
"name": "1021834",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021834"
},
{
"name": "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=14417"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=13547"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
},
{
"name": "ADV-2009-0667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0667"
},
{
"name": "34229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52568",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52568"
},
{
"name": "34070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34070"
},
{
"name": "1021834",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021834"
},
{
"name": "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=14417"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=13547"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
},
{
"name": "ADV-2009-0667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0667"
},
{
"name": "34229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34229"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52568",
"refsource": "OSVDB",
"url": "http://osvdb.org/52568"
},
{
"name": "34070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34070"
},
{
"name": "1021834",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021834"
},
{
"name": "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
},
{
"name": "http://bugs.digium.com/view.php?id=14417",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=14417"
},
{
"name": "http://bugs.digium.com/view.php?id=13547",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=13547"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
},
{
"name": "ADV-2009-0667",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0667"
},
{
"name": "34229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34229"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0871",
"datePublished": "2009-03-11T14:00:00",
"dateReserved": "2009-03-11T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1558 (GCVE-0-2015-1558)
Vulnerability from cvelistv5
Published
2015-02-09 11:00
Modified
2024-08-06 04:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:17.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
},
{
"name": "1031661",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031661"
},
{
"name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/116"
},
{
"name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
},
{
"name": "1031661",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031661"
},
{
"name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/116"
},
{
"name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2015-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
},
{
"name": "1031661",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031661"
},
{
"name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/116"
},
{
"name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1558",
"datePublished": "2015-02-09T11:00:00",
"dateReserved": "2015-02-08T00:00:00",
"dateUpdated": "2024-08-06T04:47:17.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2286 (GCVE-0-2014-2286)
Vulnerability from cvelistv5
Published
2014-04-18 19:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"name": "66093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66093"
},
{
"name": "MDVSA-2014:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-18T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"name": "66093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66093"
},
{
"name": "MDVSA-2014:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-23340",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"name": "66093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66093"
},
{
"name": "MDVSA-2014:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2286",
"datePublished": "2014-04-18T19:00:00",
"dateReserved": "2014-03-05T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1147 (GCVE-0-2011-1147)
Vulnerability from cvelistv5
Published
2011-03-15 17:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "43702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1147",
"datePublished": "2011-03-15T17:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3812 (GCVE-0-2012-3812)
Vulnerability from cvelistv5
Published
2012-07-09 22:00
Modified
2024-08-06 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:02.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "54317",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54317"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "54317",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54317"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "54317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54317"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20052",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3812",
"datePublished": "2012-07-09T22:00:00",
"dateReserved": "2012-06-27T00:00:00",
"dateUpdated": "2024-08-06T20:21:02.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8417 (GCVE-0-2014-8417)
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-017.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8417",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:48.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7551 (GCVE-0-2016-7551)
Vulnerability from cvelistv5
Published
2017-04-17 16:00
Modified
2024-08-06 02:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-17T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-26272",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"name": "DSA-3700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7551",
"datePublished": "2017-04-17T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:55.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2288 (GCVE-0-2014-2288)
Vulnerability from cvelistv5
Published
2014-04-18 19:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-18T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-23210",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
},
{
"name": "FEDORA-2014-3762",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2288",
"datePublished": "2014-04-18T19:00:00",
"dateReserved": "2014-03-05T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49786 (GCVE-0-2023-49786)
Vulnerability from cvelistv5
Published
2023-12-14 19:47
Modified
2025-02-13 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:19:55.907894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:20:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:18.647Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-hxj9-xwr8-w8pq",
"discovery": "UNKNOWN"
},
"title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49786",
"datePublished": "2023-12-14T19:47:46.306Z",
"dateReserved": "2023-11-30T13:39:50.862Z",
"dateUpdated": "2025-02-13T17:18:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6610 (GCVE-0-2014-6610)
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 12:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:24:34.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-26T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6610",
"datePublished": "2014-11-26T15:00:00",
"dateReserved": "2014-09-18T00:00:00",
"dateUpdated": "2024-08-06T12:24:34.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17281 (GCVE-0-2018-17281)
Vulnerability from cvelistv5
Published
2018-09-24 22:00
Modified
2024-08-05 10:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041694",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041694"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "105389",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1041694",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041694"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "105389",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041694",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041694"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"name": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"name": "DSA-4320",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-28013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "105389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105389"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-009.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17281",
"datePublished": "2018-09-24T22:00:00",
"dateReserved": "2018-09-20T00:00:00",
"dateUpdated": "2024-08-05T10:47:04.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14100 (GCVE-0-2017-14100)
Vulnerability from cvelistv5
Published
2017-09-02 16:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"name": "1039252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039252"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/873908"
},
{
"name": "GLSA-201710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"name": "DSA-3964",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"name": "1039252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039252"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/873908"
},
{
"name": "GLSA-201710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"name": "DSA-3964",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27103",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"name": "1039252",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039252"
},
{
"name": "https://bugs.debian.org/873908",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/873908"
},
{
"name": "GLSA-201710-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"name": "DSA-3964",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14100",
"datePublished": "2017-09-02T16:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7285 (GCVE-0-2018-7285)
Vulnerability from cvelistv5
Published
2018-02-22 00:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040415",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040415"
},
{
"name": "103149",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-27T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1040415",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040415"
},
{
"name": "103149",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040415",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040415"
},
{
"name": "103149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103149"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7285",
"datePublished": "2018-02-22T00:00:00",
"dateReserved": "2018-02-21T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8416 (GCVE-0-2014-8416)
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:47.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-016.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8416",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:47.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5444 (GCVE-0-2006-5444)
Vulnerability from cvelistv5
Published
2006-10-23 17:00
Modified
2024-08-07 19:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22480"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"name": "DSA-1229",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.us.debian.org/security/2006/dsa-1229"
},
{
"name": "GLSA-200610-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "SUSE-SA:2006:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"name": "20617",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20617"
},
{
"name": "ADV-2006-4097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4097"
},
{
"name": "22651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22651"
},
{
"name": "29972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29972"
},
{
"name": "OpenPKG-SA-2006.024",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"name": "20061018 Asterisk remote heap overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
},
{
"name": "23212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
},
{
"name": "asterisk-getinput-code-execution(29663)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
},
{
"name": "VU#521252",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/521252"
},
{
"name": "1017089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017089"
},
{
"name": "22979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/109"
},
{
"name": "20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22480"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"name": "DSA-1229",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.us.debian.org/security/2006/dsa-1229"
},
{
"name": "GLSA-200610-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "SUSE-SA:2006:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"name": "20617",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20617"
},
{
"name": "ADV-2006-4097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4097"
},
{
"name": "22651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22651"
},
{
"name": "29972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29972"
},
{
"name": "OpenPKG-SA-2006.024",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"name": "20061018 Asterisk remote heap overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
},
{
"name": "23212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
},
{
"name": "asterisk-getinput-code-execution(29663)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
},
{
"name": "VU#521252",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/521252"
},
{
"name": "1017089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017089"
},
{
"name": "22979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/109"
},
{
"name": "20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22480"
},
{
"name": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"name": "DSA-1229",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1229"
},
{
"name": "GLSA-200610-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "SUSE-SA:2006:069",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"name": "20617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20617"
},
{
"name": "ADV-2006-4097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4097"
},
{
"name": "22651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22651"
},
{
"name": "29972",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29972"
},
{
"name": "OpenPKG-SA-2006.024",
"refsource": "OPENPKG",
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"name": "20061018 Asterisk remote heap overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
},
{
"name": "23212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23212"
},
{
"name": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
},
{
"name": "asterisk-getinput-code-execution(29663)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
},
{
"name": "VU#521252",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/521252"
},
{
"name": "1017089",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017089"
},
{
"name": "22979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22979"
},
{
"name": "http://www.asterisk.org/node/109",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/109"
},
{
"name": "20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5444",
"datePublished": "2006-10-23T17:00:00",
"dateReserved": "2006-10-23T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5976 (GCVE-0-2012-5976)
Vulnerability from cvelistv5
Published
2013-01-04 11:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"name": "DSA-2605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"name": "DSA-2605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-014",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"name": "DSA-2605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5976",
"datePublished": "2013-01-04T11:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13161 (GCVE-0-2019-13161)
Vulnerability from cvelistv5
Published
2019-07-12 19:24
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.digium.com/pub/security/AST-2019-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-28465",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13161",
"datePublished": "2019-07-12T19:24:37",
"dateReserved": "2019-07-02T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8413 (GCVE-0-2014-8413)
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-06T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-013.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8413",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:48.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6171 (GCVE-0-2007-6171)
Vulnerability from cvelistv5
Published
2007-11-30 01:00
Modified
2024-08-07 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:26.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38933",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38933"
},
{
"name": "1019021",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019021"
},
{
"name": "20071129 AST-2007-025 - SQL Injection issue in res_config_pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
},
{
"name": "ADV-2007-4055",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
},
{
"name": "27873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27873"
},
{
"name": "26645",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26645"
},
{
"name": "asterisk-resconfigpgsql-sql-injection(38766)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38933",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38933"
},
{
"name": "1019021",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019021"
},
{
"name": "20071129 AST-2007-025 - SQL Injection issue in res_config_pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
},
{
"name": "ADV-2007-4055",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
},
{
"name": "27873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27873"
},
{
"name": "26645",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26645"
},
{
"name": "asterisk-resconfigpgsql-sql-injection(38766)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38933",
"refsource": "OSVDB",
"url": "http://osvdb.org/38933"
},
{
"name": "1019021",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019021"
},
{
"name": "20071129 AST-2007-025 - SQL Injection issue in res_config_pgsql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
},
{
"name": "ADV-2007-4055",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4055"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2007-025.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
},
{
"name": "27873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27873"
},
{
"name": "26645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26645"
},
{
"name": "asterisk-resconfigpgsql-sql-injection(38766)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6171",
"datePublished": "2007-11-30T01:00:00",
"dateReserved": "2007-11-29T00:00:00",
"dateUpdated": "2024-08-07T15:54:26.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16672 (GCVE-0-2017-16672)
Vulnerability from cvelistv5
Published
2017-11-09 00:00
Modified
2024-08-05 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"name": "101765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101765"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"name": "101765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101765"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.digium.com/pub/security/AST-2017-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"name": "101765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101765"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27345",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16672",
"datePublished": "2017-11-09T00:00:00",
"dateReserved": "2017-11-08T00:00:00",
"dateUpdated": "2024-08-05T20:35:19.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7550 (GCVE-0-2016-7550)
Vulnerability from cvelistv5
Published
2019-05-23 18:23
Modified
2024-08-06 02:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-23T18:23:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-006.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7550",
"datePublished": "2019-05-23T18:23:59",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:55.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26906 (GCVE-0-2021-26906)
Vulnerability from cvelistv5
Published
2021-02-18 19:50
Modified
2024-08-03 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-005.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29196",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"name": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26906",
"datePublished": "2021-02-18T19:50:04",
"dateReserved": "2021-02-08T00:00:00",
"dateUpdated": "2024-08-03T20:33:41.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37457 (GCVE-0-2023-37457)
Vulnerability from cvelistv5
Published
2023-12-14 19:43
Modified
2025-02-13 17:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c= 18.20.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c= 20.5.0"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c= 18.9-cert5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:20.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-98rc-4j27-74hh",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37457",
"datePublished": "2023-12-14T19:43:30.945Z",
"dateReserved": "2023-07-06T13:01:36.996Z",
"dateUpdated": "2025-02-13T17:01:26.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-02-18 20:15
Modified
2024-11-21 05:28
Severity ?
Summary
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html | Patch, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/Feb/57 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2021-001.html | Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/ | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29227 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Feb/57 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2021-001.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/ | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29227 | Exploit, Issue Tracking, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E99E69F-264A-4AD2-B507-02486117FA1C",
"versionEndIncluding": "13.38.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F7194B-B22A-4A28-98D2-5565442D8EF9",
"versionEndIncluding": "16.15.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6714BD-DBC8-4F8D-A7C9-C8A93FE7A73C",
"versionEndIncluding": "17.9.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8DFA54E-1555-4438-AAD3-DE033F33147F",
"versionEndIncluding": "18.1.1",
"versionStartIncluding": "18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones 13.38.1, 16.15.1, 17.9.1 y 18.1.1, permite a un atacante remoto bloquear Asterisk al hacer un uso inapropiado deliberadamente de las respuestas SIP 181"
}
],
"id": "CVE-2020-35776",
"lastModified": "2024-11-21T05:28:03.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-18T20:15:12.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/57"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-30 14:15
Modified
2024-11-21 06:06
Severity ?
Summary
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2021-007.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/Jul/48 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://downloads.digium.com/pub/security/AST-2021-007.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29381 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2021-007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Jul/48 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.digium.com/pub/security/AST-2021-007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29381 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:16.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4793E23F-97F7-4F87-B521-1718AA6FAD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:16.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E01BD9F9-857A-4114-80D6-9F43B230EF3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:16.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B876D8-5BE7-4F40-9692-4C7C6EE49611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:18.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78681A97-2B41-494E-AA7A-3BB953E8497B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:18.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54266F33-D604-491F-9891-C9D8A1B68135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:18.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC9EFF-8916-46E6-97ED-39035541E350",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
},
{
"lang": "es",
"value": "Se ha detectado un problema en PJSIP en Asterisk versiones anteriores a 16.19.1 y versiones anteriores a 18.5.1. Para explotarlo, se debe recibir un re-INVITE sin SDP despu\u00e9s de que Asterisk haya enviado una petici\u00f3n BYE"
}
],
"id": "CVE-2021-31878",
"lastModified": "2024-11-21T06:06:24.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-30T14:15:16.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-09 13:15
Modified
2024-11-21 04:29
Severity ?
Summary
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2019-005.html | Vendor Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2019-005.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3029AD-D0F4-47F2-9D4B-0A4ECDBC25F1",
"versionEndIncluding": "13.28.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "465E0365-BCFD-4444-A046-D0BD45E40309",
"versionEndIncluding": "16.5.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario."
},
{
"lang": "es",
"value": "El archivo main/translate.c en Sangoma Asterisk versiones 13.28.0 y 16.5.0, permite a un atacante remoto enviar un paquete RTP espec\u00edfico durante una llamada y causar un bloqueo en un escenario espec\u00edfico."
}
],
"id": "CVE-2019-15639",
"lastModified": "2024-11-21T04:29:10.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-09T13:15:11.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-14 20:15
Modified
2024-11-21 08:11
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa | Patch | |
| security-advisories@github.com | https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh | Vendor Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | 21.0.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD913C8-79A0-4FE9-9BBD-52BD3260AB2F",
"versionEndIncluding": "18.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2E162A-E994-4F25-AE13-D7C889394AC4",
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
},
{
"lang": "es",
"value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En las versiones de Asterisk 18.20.0 y anteriores, 20.5.0 y anteriores y 21.0.0; as\u00ed como ceritifed-asterisk 18.9-cert5 y anteriores, la funcionalidad de \u0027actualizaci\u00f3n\u0027 de la funci\u00f3n de dialplan PJSIP_HEADER puede exceder el espacio de b\u00fafer disponible para almacenar el nuevo valor de un encabezado. Al hacerlo, esto puede sobrescribir la memoria o provocar un bloqueo. Esto no se puede explotar externamente, a menos que el dialplan est\u00e9 escrito expl\u00edcitamente para actualizar un encabezado en funci\u00f3n de datos de una fuente externa. Si no se utiliza la funcionalidad de \u0027actualizaci\u00f3n\u0027, la vulnerabilidad no se produce. Hay un parche disponible en el commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"id": "CVE-2023-37457",
"lastModified": "2024-11-21T08:11:44.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T20:15:52.260",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-09 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html | ||
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2013-005.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/96690 | ||
| cve@mitre.org | http://secunia.com/advisories/54534 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/54617 | ||
| cve@mitre.org | http://www.debian.org/security/2013/dsa-2749 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:223 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/62022 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1028957 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-22007 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2013-005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/96690 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/54534 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/54617 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2749 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:223 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/62022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1028957 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-22007 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.1 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.12.0 | |
| digium | asterisk | 10.12.0 | |
| digium | asterisk | 10.12.0 | |
| digium | asterisk | 10.12.1 | |
| digium | asterisk | 10.12.2 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.1 | |
| digium | asterisk_digiumphones | 10.0.0 | |
| digium | asterisk_digiumphones | 10.0.0 | |
| digium | asterisk_digiumphones | 10.0.0 | |
| digium | asterisk_digiumphones | 10.11.0 | |
| digium | asterisk_digiumphones | 10.11.0 | |
| digium | asterisk_digiumphones | 10.11.0 | |
| digium | asterisk_digiumphones | 10.11.0 | |
| digium | asterisk_digiumphones | 10.12.0 | |
| digium | asterisk_digiumphones | 10.12.0 | |
| digium | asterisk_digiumphones | 10.12.0 | |
| digium | asterisk_digiumphones | 10.12.1 | |
| digium | asterisk_digiumphones | 10.12.2 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1224686C-8A1E-40E1-ACB9-87F571641EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B63FB1C5-9704-4C6A-8DE6-2283D1993BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE14D16B-4903-47BD-BCBD-28A8B6B878E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE78F4A2-B165-446C-AA1C-7A9E13718C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD97918-B589-4422-B695-C3C00203A3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1E59E84-F3FF-44FF-BC7D-31F3880E32F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2D9C7006-F5B1-4171-BB44-182C39DE3AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D2B210-3ADA-40AD-A575-DB88A9F71C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7C53CD-260C-49F5-BCA4-E1D0A58E0B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB19B2F7-5685-449F-858C-C226D2A373B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D10B9E8C-3B72-490B-A276-A745299DA3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E63CF763-0682-4453-8D07-C9253C179486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDB7AA1-25A7-4BED-A875-C0494E973EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E0BCE319-8C87-4521-BEAA-02F0EF47B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A2534F0-3DEE-4FCB-B15D-97D1836CE83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D3F38B78-8215-43D6-8C5C-6DB8E6C34F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE54B76B-4713-4281-AB4B-B17901121B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "08EE9963-2A44-48A0-8A1B-919CCE3652FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "19C7B58B-6591-45B5-B527-50FA0A5BD1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05D3825F-3B95-4056-AF3C-43269734BA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "806F60DA-FAA1-4C13-889B-0FF518C01E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DDE265-B4B9-495A-95F7-0910E8199980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AF5750B-2348-4E35-9F08-27E2385E329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "960521C4-9004-4412-8A38-66240C4B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request."
},
{
"lang": "es",
"value": "El controlador de canal SIP (channels/chan_sip.c) en Asterisk Open Source 1.8.x (anteriores a 1.8.23.1), 10.x (anteriores a 10.12.3), y 11.x (anteriores a 11.5.1); Certified Asterisk 1.8.15 (anteriores a 1.8.15-cert3) y 11.2 (anteriores a 11.2-cert2); y Asterisk Digiumphones 10.x-digiumphones (anteriores a 10.12.3-digiumphones) permiten a un atcante remoto causar una denegaci\u00f3n de servicio (referencia a puntero nulo, corrupci\u00f3n de memoria, y ca\u00edda del demonio) a trav\u00e9s de un SDP inv\u00e1lido que define una descripci\u00f3n de medios antes de la descripci\u00f3n de conexi\u00f3n en una petici\u00f3n SIP."
}
],
"id": "CVE-2013-5642",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-09T17:55:06.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96690"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54534"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/54617"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/62022"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028957"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-06 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff | Patch | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-010.html | Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html | ||
| cve@mitre.org | http://secunia.com/advisories/44973 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/45048 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/45201 | ||
| cve@mitre.org | http://secunia.com/advisories/45239 | ||
| cve@mitre.org | http://securitytracker.com/id?1025708 | ||
| cve@mitre.org | http://www.debian.org/security/2011/dsa-2276 | ||
| cve@mitre.org | http://www.osvdb.org/73309 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/48431 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/68205 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-010.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44973 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45048 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45201 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45239 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025708 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/73309 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48431 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/68205 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.16.2 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17.1 | |
| digium | asterisk | 1.6.2.17.2 | |
| digium | asterisk | 1.6.2.17.3 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.4 | |
| digium | asterisk | 1.4.5 | |
| digium | asterisk | 1.4.6 | |
| digium | asterisk | 1.4.7 | |
| digium | asterisk | 1.4.7.1 | |
| digium | asterisk | 1.4.8 | |
| digium | asterisk | 1.4.9 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.10.1 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.12.1 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.16.1 | |
| digium | asterisk | 1.4.16.2 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19.1 | |
| digium | asterisk | 1.4.19.2 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20.1 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21.1 | |
| digium | asterisk | 1.4.21.2 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22.1 | |
| digium | asterisk | 1.4.22.2 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.4.23.2 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24.1 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25.1 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26.1 | |
| digium | asterisk | 1.4.26.2 | |
| digium | asterisk | 1.4.26.3 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27.1 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29.1 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33.1 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39.1 | |
| digium | asterisk | 1.4.39.2 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40.1 | |
| digium | asterisk | 1.4.40.2 | |
| digium | asterisk | 1.4.41 | |
| digium | asterisk | 1.4.41 | |
| digium | asterisk | c.3.0 | |
| digium | asterisk | c.3.1.0 | |
| digium | asterisk | c.3.1.1 | |
| digium | asterisk | c.3.2.2 | |
| digium | asterisk | c.3.2.3 | |
| digium | asterisk | c.3.3.2 | |
| digium | asterisk | c.3.6.2 | |
| digium | asterisk | c.3.6.3 | |
| digium | asterisk | c.3.6.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
"matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
"matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
"matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
"matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
"matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
"matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
"matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
"matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
"matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F745AF0A-D6A6-4429-BBBE-347BF41999BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC44F61B-AB96-4643-899B-19B9E3B4F05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*",
"matchCriteriaId": "F788A255-CF21-424F-9F30-8A744CC16740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92B8AA8E-D49B-4AD7-8AFC-BD4F9E9C7A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
"matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
"matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
"matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*",
"matchCriteriaId": "9ED68059-F0E5-4B1B-B633-466D92F38346",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame."
},
{
"lang": "es",
"value": "chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v1.6.2.18.1, y v1.8.x anteriores a v1.8.4.3, y Asterisk Business Edition vC.3 anteriores a vC.3.7.3, accede a una direcci\u00f3n de memoria contenida en un marco de control de opci\u00f3n, que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) o posiblemente tener un impacto no especificado a trav\u00e9s de un marco manipulado."
}
],
"id": "CVE-2011-2535",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-06T19:55:03.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44973"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45048"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/45201"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/45239"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025708"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/73309"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48431"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/73309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-24 20:04
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11 | ||
| cve@mitre.org | http://labs.musecurity.com/advisories/MU-200608-01.txt | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/21600 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/22651 | ||
| cve@mitre.org | http://securitytracker.com/id?1016742 | Patch | |
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/444322/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/19683 | Patch | |
| cve@mitre.org | http://www.sineapps.com/news.php?rssid=1448 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/3372 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28542 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.musecurity.com/advisories/MU-200608-01.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21600 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22651 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016742 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/444322/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19683 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.sineapps.com/news.php?rssid=1448 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3372 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28542 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.0.0 | |
| digium | asterisk | 1.0.1 | |
| digium | asterisk | 1.0.2 | |
| digium | asterisk | 1.0.3 | |
| digium | asterisk | 1.0.4 | |
| digium | asterisk | 1.0.5 | |
| digium | asterisk | 1.0.6 | |
| digium | asterisk | 1.0.7 | |
| digium | asterisk | 1.0.8 | |
| digium | asterisk | 1.0.9 | |
| digium | asterisk | 1.0.10 | |
| digium | asterisk | 1.0_rc1 | |
| digium | asterisk | 1.0_rc2 | |
| digium | asterisk | 1.2.0_beta1 | |
| digium | asterisk | 1.2.0_beta2 | |
| digium | asterisk | 1.2.6 | |
| digium | asterisk | 1.2.7 | |
| digium | asterisk | 1.2.8 | |
| digium | asterisk | 1.2.9 | |
| digium | asterisk | 1.2.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9A92B4D-16A7-4D99-8F3A-2E5D3B12C86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16783925-8EC5-431F-90B5-93B16DCC10B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C59AF9E-FEC7-44AB-B392-49DB11BAEB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "325C4452-6541-46F6-A86C-6D6987583FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5424B5B4-99B3-4695-8E0D-7E8DC8B88C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "62BDF9F0-1AFD-47E6-9054-A9FC6D422DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8D2125-019A-4B73-9E1A-98E745148803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8679FD-B2E5-46F6-B20C-F109B9706C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E49F2D76-DC82-4289-8891-4982795D896A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "203237E0-BB44-42D0-B65B-CBDAAA68A1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "C656168D-7D6A-4E84-9196-A8B170E1F7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en channels/chan_mgcp.c de MGCP en Asterisk 1.0 hasta 1.2.10 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una respuesta de fin de auditor\u00eda (audit endpoint) (AUEP) manipulada."
}
],
"id": "CVE-2006-4345",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-24T20:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21600"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22651"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016742"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19683"
},
{
"source": "cve@mitre.org",
"url": "http://www.sineapps.com/news.php?rssid=1448"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sineapps.com/news.php?rssid=1448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-23 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2010-002.html | Exploit, Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html | ||
| cve@mitre.org | http://secunia.com/advisories/38641 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39096 | ||
| cve@mitre.org | http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/509608/100/0/threaded | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023637 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/0439 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/56397 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2010-002.html | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38641 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39096 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/509608/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023637 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0439 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/56397 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.1 | |
| digium | asterisk | 1.2.2 | |
| digium | asterisk | 1.2.2 | |
| digium | asterisk | 1.2.3 | |
| digium | asterisk | 1.2.3 | |
| digium | asterisk | 1.2.6 | |
| digium | asterisk | 1.2.7 | |
| digium | asterisk | 1.2.8 | |
| digium | asterisk | 1.2.9 | |
| digium | asterisk | 1.2.10 | |
| digium | asterisk | 1.2.10 | |
| digium | asterisk | 1.2.11 | |
| digium | asterisk | 1.2.11 | |
| digium | asterisk | 1.2.12 | |
| digium | asterisk | 1.2.12 | |
| digium | asterisk | 1.2.12.1 | |
| digium | asterisk | 1.2.12.1 | |
| digium | asterisk | 1.2.13 | |
| digium | asterisk | 1.2.13 | |
| digium | asterisk | 1.2.14 | |
| digium | asterisk | 1.2.15 | |
| digium | asterisk | 1.2.15 | |
| digium | asterisk | 1.2.16 | |
| digium | asterisk | 1.2.16 | |
| digium | asterisk | 1.2.17 | |
| digium | asterisk | 1.2.17 | |
| digium | asterisk | 1.2.18 | |
| digium | asterisk | 1.2.18 | |
| digium | asterisk | 1.2.19 | |
| digium | asterisk | 1.2.19 | |
| digium | asterisk | 1.2.20 | |
| digium | asterisk | 1.2.20 | |
| digium | asterisk | 1.2.21 | |
| digium | asterisk | 1.2.21 | |
| digium | asterisk | 1.2.21.1 | |
| digium | asterisk | 1.2.21.1 | |
| digium | asterisk | 1.2.22 | |
| digium | asterisk | 1.2.22 | |
| digium | asterisk | 1.2.23 | |
| digium | asterisk | 1.2.23 | |
| digium | asterisk | 1.2.24 | |
| digium | asterisk | 1.2.24 | |
| digium | asterisk | 1.2.25 | |
| digium | asterisk | 1.2.25 | |
| digium | asterisk | 1.2.26 | |
| digium | asterisk | 1.2.26 | |
| digium | asterisk | 1.2.26.1 | |
| digium | asterisk | 1.2.26.1 | |
| digium | asterisk | 1.2.26.2 | |
| digium | asterisk | 1.2.26.2 | |
| digium | asterisk | 1.2.27 | |
| digium | asterisk | 1.2.28 | |
| digium | asterisk | 1.2.28.1 | |
| digium | asterisk | 1.2.29 | |
| digium | asterisk | 1.2.30 | |
| digium | asterisk | 1.2.30.1 | |
| digium | asterisk | 1.2.30.2 | |
| digium | asterisk | 1.2.30.3 | |
| digium | asterisk | 1.2.30.4 | |
| digium | asterisk | 1.2.31 | |
| digium | asterisk | 1.2.31.1 | |
| digium | asterisk | 1.2.32 | |
| digium | asterisk | 1.2.33 | |
| digium | asterisk | 1.2.34 | |
| digium | asterisk | 1.2.35 | |
| digium | asterisk | 1.2.36 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.4 | |
| digium | asterisk | 1.4.5 | |
| digium | asterisk | 1.4.6 | |
| digium | asterisk | 1.4.7 | |
| digium | asterisk | 1.4.8 | |
| digium | asterisk | 1.4.9 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | b.1.3.2 | |
| digium | asterisk | b.1.3.3 | |
| digium | asterisk | b.2.2.0 | |
| digium | asterisk | b.2.2.1 | |
| digium | asterisk | b.2.3.1 | |
| digium | asterisk | b.2.3.2 | |
| digium | asterisk | b.2.3.3 | |
| digium | asterisk | b.2.3.4 | |
| digium | asterisk | b.2.3.5 | |
| digium | asterisk | b.2.3.6 | |
| digium | asterisk | b.2.5.0 | |
| digium | asterisk | b.2.5.1 | |
| digium | asterisk | b.2.5.2 | |
| digium | asterisk | b.2.5.3 | |
| digium | asterisk | c.1.0 | |
| digium | asterisk | c.1.0 | |
| digium | asterisk | c.1.6 | |
| digium | asterisk | c.1.6.1 | |
| digium | asterisk | c.1.6.2 | |
| digium | asterisk | c.1.8.0 | |
| digium | asterisk | c.1.8.1 | |
| digium | asterisk | c.2.3 | |
| digium | asterisk | c.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39358795-09A6-44C6-B969-1560CEF40057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8C2DAB51-91ED-43D4-AEA9-7C4661089BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A596A018-2FBC-4CEB-9910-756CC6598679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14BDCF8E-0B68-430A-A463-EE40C1A9AD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CA2CD93E-71A5-49EC-B986-5868C05553EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B66B213-4397-4435-8E48-8ED69AAE13D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55131A3D-C892-44EC-83D6-5888C57B11A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*",
"matchCriteriaId": "E017DD53-B8EC-4EA2-BF59-18C075C5771D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B940EEC6-4451-42B9-A56D-BDB8801B3685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*",
"matchCriteriaId": "CE4AB19F-1338-466D-AAD8-584C79FED1AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*",
"matchCriteriaId": "FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*",
"matchCriteriaId": "7B43C508-91E3-49C9-86F0-3643D8F2B7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*",
"matchCriteriaId": "0831E658-36AB-4A4B-9929-3DB6BE855A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*",
"matchCriteriaId": "46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*",
"matchCriteriaId": "4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*",
"matchCriteriaId": "64D94742-7CA1-487B-90E8-5063FBF88925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "12302460-5D3F-4045-9DBF-606562E03BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*",
"matchCriteriaId": "78546FDF-C843-4E48-ABEE-CC3514AA7C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6EBC0B-9842-44D1-B9D6-EFB88BE22879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*",
"matchCriteriaId": "052969F1-6758-46E8-9273-E0F872BD65BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "624A0F00-4629-4550-847F-F24CC93DFF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*",
"matchCriteriaId": "E473F645-F8B0-43FE-957B-F053427465DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "10FC9AAB-1FAD-4953-A2FC-D42E9687D27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*",
"matchCriteriaId": "460C9907-AA19-402A-85DE-D3CEA98B107B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CD80F0D6-6B5B-41D3-AC41-F1643865088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*",
"matchCriteriaId": "734D5198-53C1-40D3-B5BF-D74FC71FD3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "788DEF5E-8A99-463D-89DC-0CC032271554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*",
"matchCriteriaId": "C0996D7A-9419-4897-A0AF-498AC3A2A81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62D670E6-47E5-4B40-9217-F97D5F39C3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*",
"matchCriteriaId": "94C23DB8-3C92-40FE-B8A6-ADF84D28510E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE7E4E-DA2D-4F03-A226-92965B40AE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*",
"matchCriteriaId": "0C59A947-457E-47EB-832E-3DA70CB52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "55F74B56-B412-4AF1-AED0-C948AB6DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*",
"matchCriteriaId": "3B50ADDB-D3C2-407D-8844-F93866E5F20C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*",
"matchCriteriaId": "F4149B59-E773-4ED8-A71D-EB7D00808819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0408C3-0FA7-4A17-9451-C4D46CDA8F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*",
"matchCriteriaId": "1726090D-0C37-44A4-AD9B-7ED733B8702D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*",
"matchCriteriaId": "54354E16-3238-43E8-BAA9-93CA7EB44D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6867EED4-FC3B-4B72-88A5-DED96C729FE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*",
"matchCriteriaId": "1A0867FC-7161-433F-A416-D7207C8D4D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97BE6B60-3276-4580-843B-743D0D71E3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*",
"matchCriteriaId": "36491B32-A405-4C5B-938F-9BEA50A8AF16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "6141909B-EBC4-4726-AE9F-669C31257A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "754A51AC-EF20-4736-ADDB-D2A70BCB79EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4600BB66-6DEB-444B-AF9E-BDD06CFD2876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EE089E31-3521-4D12-B81C-B6E386AE1409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E9888-16CD-4DB2-8889-CE4477559C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C29C9A2C-6435-444E-A20B-5881F3798B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E77A2569-CFAE-498D-A633-803849CFECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "D16E88E6-42D0-400E-AF43-111B35CE11E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE15A42E-030B-48F0-9498-1755DAAEDFB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "39511726-1202-4179-9708-4D3B28496768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9A4328-F274-4591-A386-943FD6608374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.35:*:*:*:*:*:*:*",
"matchCriteriaId": "CF11B38A-12D7-453A-870D-CDC2DE9313CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.36:*:*:*:*:*:*:*",
"matchCriteriaId": "9D69ACB7-CF9A-40B5-819E-58DA884D4E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*",
"matchCriteriaId": "BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*",
"matchCriteriaId": "D110DCEB-F2F9-4600-B49F-22952C71B785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3333A119-D92F-433C-BF5D-0037199256C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*",
"matchCriteriaId": "19C44C33-EADA-48FD-A634-8066A003AFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "294A2BA2-26EB-40AD-B861-7FA9043CD097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*",
"matchCriteriaId": "4FAC61AF-BDF2-4397-A8F8-9D9155836E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*",
"matchCriteriaId": "33DE61C2-8C6A-4CD3-8D56-E70C4356CD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*",
"matchCriteriaId": "EECB5F75-BCE2-4777-933E-25EB5657750C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*",
"matchCriteriaId": "B5D51557-3E67-4C9A-9753-472D13FCA5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*",
"matchCriteriaId": "C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*",
"matchCriteriaId": "761DB3A3-1540-4976-AEB2-F8E45CCCC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*",
"matchCriteriaId": "B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*",
"matchCriteriaId": "947F58B8-21AF-460B-8203-D2605A1F91D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*",
"matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*",
"matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*",
"matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*",
"matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*",
"matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*",
"matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
},
{
"lang": "es",
"value": "El dise\u00f1o de la funcionalidad dialplan en Asterisk Open Source v1.2.x, v1.4.x, y v1.6.x; y Asterisk Business Edition vB.x.x y vC.x.x,cuando se utiliza la variable de canal $ (EXTEN) y coincidencias de patron comod\u00edn, permite a atacantes dependiendo del contexto, inyectar cadenas en dialplan utilizando metacaracteres que son inyectados cuando la variable es expandida, como se demuestra utilizando la aplicaci\u00f3n Dial en un proceso en el que el mensaje SIP INVITE esta manipulado el cual a\u00f1ade un canal de salida no previsto. NOTA: Podr\u00eda argumentarse que esto no es una vulnerabilidad en Asterisk, pero hay un tipo de vulnerabilidades que pueden producirse en cualquier programa que utilice esta caracter\u00edstica sin la funcionalidad de filtrado correspondiente que actualmente esta disponible."
}
],
"id": "CVE-2010-0685",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-23T20:30:00.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38641"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39096"
},
{
"source": "cve@mitre.org",
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023637"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-22 00:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2018-005.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/103129 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1040417 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27618 | Vendor Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/44181/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2018-005.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103129 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040417 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44181/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | 13.19.1 | |
| digium | certified_asterisk | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBC6235-486B-46AE-96C1-A8F5B68A1D96",
"versionEndIncluding": "14.7.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D63485A9-4464-49C7-ACF8-826303D8C152",
"versionEndIncluding": "15.2.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A0ED4E-446A-4315-BE3A-8647F0ECC624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56E4037E-1F6F-4E1A-8549-38219F0A8E91",
"versionEndIncluding": "13.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Asterisk hasta la versi\u00f3n 13.19.1, versiones 14.x hasta la 14.7.5 y versiones 15.x hasta la 15.2.1; as\u00ed como Certified Asterisk hasta la versi\u00f3n 13.18-cert2. res_pjsip permite que usuarios remotos autenticados provoquen el cierre inesperado de Asterisk (fallo de segmentaci\u00f3n) mediante el env\u00edo de mensajes SIP INVITE en una conexi\u00f3n TCP o TLS para despu\u00e9s cerrar la conexi\u00f3n repentinamente."
}
],
"id": "CVE-2018-7286",
"lastModified": "2024-11-21T04:11:56.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-22T00:29:01.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103129"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040417"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44181/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44181/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-15 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2011-002.html | Vendor Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html | Patch | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html | Patch | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html | Patch | |
| secalert@redhat.com | http://secunia.com/advisories/43429 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/43702 | Vendor Advisory | |
| secalert@redhat.com | http://www.debian.org/security/2011/dsa-2225 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/03/11/2 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/03/11/8 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/46474 | ||
| secalert@redhat.com | http://www.securitytracker.com/id?1025101 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0635 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-002.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43429 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43702 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2225 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/03/11/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/03/11/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46474 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0635 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.10.1 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.12.1 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.16.1 | |
| digium | asterisk | 1.4.16.2 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19.1 | |
| digium | asterisk | 1.4.19.2 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20.1 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21.1 | |
| digium | asterisk | 1.4.21.2 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22.1 | |
| digium | asterisk | 1.4.22.2 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.4.23.2 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24.1 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25.1 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26.1 | |
| digium | asterisk | 1.4.26.2 | |
| digium | asterisk | 1.4.26.3 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27.1 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29.1 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33.1 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39.1 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | c.1.0 | |
| digium | asterisk | c.1.0 | |
| digium | asterisk | c.1.6 | |
| digium | asterisk | c.1.6.1 | |
| digium | asterisk | c.1.6.2 | |
| digium | asterisk | c.1.8.0 | |
| digium | asterisk | c.1.8.1 | |
| digium | asterisk | c.2.3 | |
| digium | asterisk | c.3.0 | |
| digium | asterisk | c.3.1.0 | |
| digium | asterisk | c.3.1.1 | |
| digium | asterisk | c.3.2.2 | |
| digium | asterisk | c.3.2.3 | |
| digium | asterisk | c.3.3.2 | |
| digium | asterisk | c.3.6.2 | |
| digium | asterisknow | 1.5 | |
| digium | s800i | * | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.1 | |
| digium | asterisk | 1.6.1.2 | |
| digium | asterisk | 1.6.1.3 | |
| digium | asterisk | 1.6.1.4 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.6 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.8 | |
| digium | asterisk | 1.6.1.9 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.11 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.14 | |
| digium | asterisk | 1.6.1.15 | |
| digium | asterisk | 1.6.1.16 | |
| digium | asterisk | 1.6.1.17 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
"matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
"matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
"matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
"matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
"matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
"matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
"matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
"matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*",
"matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*",
"matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*",
"matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*",
"matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*",
"matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*",
"matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
"matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
"matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FF81215F-0DD3-48FC-BA1C-19E42FCD47B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:digium:s800i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E063F5CE-AAF1-4FB0-9D75-E26F30B85409",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en las funciones (1) decode_open_type y (2) udptl_rx_packet en main/udptl.c en Asterisk Open Source v1.4.x anterior a v1.4.39.2, v1.6.1.x antes de v1.6.1.22, v1.6.2.x antes de v1.6.2.16.2, y v1.8 antes de v1.8.2.4; Business Edition vC.x.x antes de vC.3.6.3; AsteriskNOW v1.5; y s800i (Asterisk Appliance), cuando el soporte T.38 est\u00e1 activo, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un paquete UDPTL manipulado"
}
],
"id": "CVE-2011-1147",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-15T17:55:05.953",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43429"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43702"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/46474"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1025101"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0635"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-07 00:19
Modified
2025-04-09 00:30
Severity ?
Summary
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://asterisk.org/node/48319 | ||
| cve@mitre.org | http://asterisk.org/node/48320 | ||
| cve@mitre.org | http://labs.musecurity.com/advisories/MU-200703-01.txt | ||
| cve@mitre.org | http://secunia.com/advisories/24380 | ||
| cve@mitre.org | http://secunia.com/advisories/24578 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25582 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200703-14.xml | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1358 | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/228032 | US Government Resource | |
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
| cve@mitre.org | http://www.osvdb.org/33888 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/22838 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1017723 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/0830 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/32830 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://asterisk.org/node/48319 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://asterisk.org/node/48320 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.musecurity.com/advisories/MU-200703-01.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24380 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24578 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25582 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200703-14.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1358 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/228032 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_34_asterisk.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/33888 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22838 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017723 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0830 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32830 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.2.0_beta1 | |
| digium | asterisk | 1.2.0_beta2 | |
| digium | asterisk | 1.2.6 | |
| digium | asterisk | 1.2.7 | |
| digium | asterisk | 1.2.8 | |
| digium | asterisk | 1.2.9 | |
| digium | asterisk | 1.2.10 | |
| digium | asterisk | 1.2.11 | |
| digium | asterisk | 1.2.12 | |
| digium | asterisk | 1.2.12.1 | |
| digium | asterisk | 1.2.13 | |
| digium | asterisk | 1.2.14 | |
| digium | asterisk | 1.2.15 | |
| digium | asterisk | 1.2_beta1 | |
| digium | asterisk | 1.2_beta2 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0_beta1 | |
| digium | asterisk | 1.4.0_beta2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "C656168D-7D6A-4E84-9196-A8B170E1F7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FAB63F-B9F8-4D39-AEE9-BC0E54BAA944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC20315-40B5-4DA1-AC49-E911C03AEA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B909947-44E3-463E-9FAD-76C8E21A54E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB2F8AA-B70B-4280-BDBD-023037C16D70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference."
},
{
"lang": "es",
"value": "Asterisk versiones 1.4 anteriores a 1.4.1 y versiones 1.2 anteriores a 1.2.16, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) enviando un paquete de Session Initiation Protocol (SIP) sin una URI y Encabezado SIP-version, lo que resulta en una desreferencia del puntero NULL."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html \r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2007-1306",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-07T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://asterisk.org/node/48319"
},
{
"source": "cve@mitre.org",
"url": "http://asterisk.org/node/48320"
},
{
"source": "cve@mitre.org",
"url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24380"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24578"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25582"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/228032"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/33888"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22838"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017723"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0830"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://asterisk.org/node/48319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://asterisk.org/node/48320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/228032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/33888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-15 05:15
Modified
2024-11-21 06:54
Severity ?
Summary
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2022-003.html | Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2022-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1533FF1D-ABC5-4F45-8FB4-7441C03422F4",
"versionEndExcluding": "16.25.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
"versionEndExcluding": "18.11.2",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD25061-F1D0-4849-9905-CB4AEDC59363",
"versionEndExcluding": "19.3.2",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert10:*:*:*:*:*:*",
"matchCriteriaId": "B416D491-F0D0-4F9E-BEE0-236D9FFF03FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A21DB030-7BE3-4ED0-8212-7FACC715136F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert12:*:*:*:*:*:*",
"matchCriteriaId": "8BF4E88F-5400-4B79-ADBA-ECED941AF092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert13:*:*:*:*:*:*",
"matchCriteriaId": "21C227EC-7084-4F08-AA04-271DB4561823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
"matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
"matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
"matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Asterisk versiones hast 19.x y Certified Asterisk versiones hasta 16.8-cert13. El m\u00f3dulo func_odbc proporciona una funcionalidad de escape posiblemente inapropiada para los caracteres de barra invertida en las consultas SQL, resultando en que los datos proporcionados por el usuario creen una consulta SQL rota o posiblemente una inyecci\u00f3n SQL. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2, y 16.8-cert14"
}
],
"id": "CVE-2022-26651",
"lastModified": "2024-11-21T06:54:15.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T05:15:06.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
"versionEndExcluding": "12.7.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
"versionEndExcluding": "13.0.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en el controlador de canales chan_pjsip en Asterisk Open Source 12.x anterior a 12.7.1 y 13.x anterior a 13.0.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y ca\u00edda) a trav\u00e9s de una solicitud cancel para una sesi\u00f3n SIP con una acci\u00f3n en cola para (1) responder a una sesi\u00f3n o (2) enviar tonos de llamada."
}
],
"id": "CVE-2014-8415",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:07.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-12 23:17
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2007-022.html | ||
| cve@mitre.org | http://osvdb.org/38201 | ||
| cve@mitre.org | http://osvdb.org/38202 | ||
| cve@mitre.org | http://secunia.com/advisories/27184 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/481996/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26005 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1018804 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3454 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/37051 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/37052 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2007-022.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38201 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38202 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27184 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/481996/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018804 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3454 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/37051 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/37052 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "600A8B6A-B929-455F-AB6C-548712F45A44",
"versionEndIncluding": "1.4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en la funcionalidad de voicemail del Asterisk 1.4.x anterior al 1.4.13, cuando se utiliza el almacenamiento IMAP, puede permitir (1) a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una combinaci\u00f3n larga de cabeceras dependientes del tipo (Content-type) y de la descripci\u00f3n (Content-description), o (2) usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una combinaci\u00f3n larga de los campos astspooldir, voicemail context y voicemail mailbox. NOTA: el vector 2 requiere acceso de escritura en los ficheros de configuraci\u00f3n del Asterisk."
}
],
"id": "CVE-2007-5358",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-12T23:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38201"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38202"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27184"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018804"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3454"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-18 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html | Broken Link | |
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff | Patch, Vendor Advisory | |
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2012-002.pdf | Vendor Advisory | |
| secalert@redhat.com | http://osvdb.org/80125 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/48417 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/48941 | Broken Link | |
| secalert@redhat.com | http://securitytracker.com/id?1026812 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.asterisk.org/node/51797 | Broken Link | |
| secalert@redhat.com | http://www.debian.org/security/2012/dsa-2460 | Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/03/16/10 | Mailing List, Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/03/16/17 | Mailing List, Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/52523 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/74082 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-002.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80125 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48417 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48941 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1026812 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/node/51797 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2460 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/03/16/10 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/03/16/17 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52523 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74082 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83BEEFED-03F9-4E63-B348-41D2A112D124",
"versionEndExcluding": "1.4.44",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A847AF83-3D35-42A6-A994-23E8D9C64379",
"versionEndExcluding": "1.6.2.23",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB0F939-6D71-415D-88B3-1654DEB80671",
"versionEndExcluding": "1.8.10.1",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36CEACD4-5FB6-44BA-B402-6CB4BA2EA4D6",
"versionEndExcluding": "10.2.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet."
},
{
"lang": "es",
"value": "Vulnerabilidad de desboramiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n milliwatt_generate en main/utils.c en Asterisk Asterisk v1.4.x antes de v1.4.44, v1.6.x antes de v1.6.2.23, v1.8.x antes de v1.8.10.1, and v10.x antes de v10.2.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una gran n\u00famero de muestras en un paquete de audio."
}
],
"id": "CVE-2012-1183",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-18T18:55:04.210",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/80125"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48417"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48941"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1026812"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.asterisk.org/node/51797"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/52523"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/80125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1026812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.asterisk.org/node/51797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/52523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-06 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-011.html | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/68472 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-011.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/68472 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.16.2 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17.1 | |
| digium | asterisk | 1.6.2.17.2 | |
| digium | asterisk | 1.6.2.17.3 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.18.1 | |
| digium | asterisk | 1.6.2.18.2 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.4 | |
| digium | asterisk | 1.4.5 | |
| digium | asterisk | 1.4.6 | |
| digium | asterisk | 1.4.7 | |
| digium | asterisk | 1.4.7.1 | |
| digium | asterisk | 1.4.8 | |
| digium | asterisk | 1.4.9 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.10.1 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.12.1 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.16.1 | |
| digium | asterisk | 1.4.16.2 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19.1 | |
| digium | asterisk | 1.4.19.2 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20.1 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21.1 | |
| digium | asterisk | 1.4.21.2 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22.1 | |
| digium | asterisk | 1.4.22.2 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.4.23.2 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24.1 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25.1 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26.1 | |
| digium | asterisk | 1.4.26.2 | |
| digium | asterisk | 1.4.26.3 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27.1 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29.1 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33.1 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39.1 | |
| digium | asterisk | 1.4.39.2 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40.1 | |
| digium | asterisk | 1.4.40.2 | |
| digium | asterisk | 1.4.41 | |
| digium | asterisk | 1.4.41 | |
| digium | asterisk | 1.4.41.1 | |
| digium | asterisk | 1.4.41.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA6B65B-1D93-4028-BD85-8879D310B896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79A46D43-FE29-4665-8052-284BC9C70D9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
"matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
"matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
"matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
"matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
"matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
"matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
"matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
"matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
"matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F745AF0A-D6A6-4429-BBBE-347BF41999BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC44F61B-AB96-4643-899B-19B9E3B4F05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*",
"matchCriteriaId": "F788A255-CF21-424F-9F30-8A744CC16740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92B8AA8E-D49B-4AD7-8AFC-BD4F9E9C7A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0606F179-8817-4124-B92B-CD868B216320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E93609A6-7FFD-4179-86E9-0D1292B035B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto del controlador del canal SIP en Asterisk Open Source 1.4.x hasta 1.1.41.2 y 1.6.2.x hasta 1.6.2.18.2 no activa la opci\u00f3n alwaysauthreject, lo que permite a atacantes remotos enumerar los nombres de las cuentas al hacer una serie de peticiones SIP inv\u00e1lidas y observando las diferencias en las respuestas para distintos nombres de usuario, es una vulnerabilidad distinta a CVE-2011-2536."
}
],
"id": "CVE-2011-2666",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-06T19:55:03.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-22 00:29
Modified
2024-11-21 04:11
Severity ?
Summary
A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2018-001.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/103149 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1040415 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2018-001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103149 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040415 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D63485A9-4464-49C7-ACF8-826303D8C152",
"versionEndIncluding": "15.2.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de acceso a puntero NULL en las versiones 15.x de Asterisk hasta la versi\u00f3n 15.2.1. El soporte RTP en Asterisk mantiene su propio registro de c\u00f3decs din\u00e1micos y n\u00fameros de carga \u00fatil deseados. Aunque una negociaci\u00f3n SDP puede resultar en que un c\u00f3dec emplee un n\u00famero de carga \u00fatil diferente, aquellos que se deseen se siguen almacenando internamente. Cuando se recib\u00eda un paquete RTP, este registro ser\u00eda consultado si el n\u00famero de carga \u00fatil no se encontraba en el SDP negociado. Este registro se consultaba err\u00f3neamente para todos los paquetes, incluso los din\u00e1micos. Si el n\u00famero de carga \u00fatil resultaba en un c\u00f3dec con tipo diferente a la transmisi\u00f3n RTP (por ejemplo, el n\u00famero de payload resultaba en un c\u00f3dec de v\u00eddeo, pero la transmisi\u00f3n conten\u00eda audio), podr\u00eda ocurrir un cierre inesperado si no se hab\u00eda negociado una transmisi\u00f3n de ese tipo. Esto se debe a que el c\u00f3digo asume err\u00f3neamente que una transmisi\u00f3n de este tipo existir\u00eda siempre."
}
],
"id": "CVE-2018-7285",
"lastModified": "2024-11-21T04:11:56.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-22T00:29:01.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103149"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040415"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-20 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff | Patch, Vendor Advisory | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-001.html | Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html | Third Party Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html | Third Party Advisory | |
| cve@mitre.org | http://osvdb.org/70518 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/42935 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/43119 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/43373 | Third Party Advisory | |
| cve@mitre.org | http://www.debian.org/security/2011/dsa-2171 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/515781/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/45839 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0159 | Permissions Required | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0281 | Permissions Required | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0449 | Permissions Required | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/64831 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-001.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/70518 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42935 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43119 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43373 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2171 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/515781/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45839 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0159 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0281 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0449 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/64831 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisknow | 1.5 | |
| fedoraproject | fedora | 13 | |
| fedoraproject | fedora | 14 | |
| debian | debian_linux | 6.0 | |
| digium | s800i_firmware | 1.2.0 | |
| digium | s800i | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:*",
"matchCriteriaId": "FA6C77B1-85FF-47C1-8E1F-CABFF1DEA5FE",
"versionEndExcluding": "c.3.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF68F51-2011-4CEE-A4EA-49A59E440BAA",
"versionEndIncluding": "1.2.40",
"versionStartIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CCB255-0F1A-4FBE-A04D-A9560D3DF3BE",
"versionEndExcluding": "1.4.38.1",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3CEB89D-1D84-4B8E-B476-E00726752766",
"versionEndExcluding": "1.4.39.1",
"versionStartIncluding": "1.4.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F92DAC-5736-49A6-9C52-2330BC4B724B",
"versionEndExcluding": "1.6.1.21",
"versionStartIncluding": "1.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71755241-9AF8-43EE-BD9F-9FF4DFD808D4",
"versionEndExcluding": "1.6.2.15.1",
"versionStartIncluding": "1.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "007C363A-CBC6-4A05-BD3E-74A5A530B281",
"versionEndExcluding": "1.6.2.16.1",
"versionStartIncluding": "1.6.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35488043-2E09-4286-A178-4A25AA5C364F",
"versionEndExcluding": "1.8.1.2",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AADFA817-D1C7-49D2-AE6D-55493145BAFF",
"versionEndExcluding": "1.8.2.2",
"versionStartIncluding": "1.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FF81215F-0DD3-48FC-BA1C-19E42FCD47B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digium:s800i_firmware:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA18EB6-92D5-4B01-A4BC-2B7177D28C40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15C35F93-0E57-4AEB-AA5F-4EDFAE753451",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n ast_uri_encode, en main/utils.c, en Asterisk Open Source before v.1.4.38.1, v.1.4.39.1, v.1.6.1.21, v.1.6.2.15.1, v.1.6.2.16.1, v.1.8.1.2, v.1.8.2.; y Business Edition before v.C.3.6.2; cuando se ejecuta en modo \"pedantic\" permite a usuarios autenticados ejectuar c\u00f3digo de su elecci\u00f3n manipulados con el dato llamador ID en vectores que involucran el (1) el driver del SIP, (2) la funci\u00f3n URIENCODE dialplan, o la funci\u00f3n AGI dialplan."
}
],
"id": "CVE-2011-0495",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-20T19:00:08.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/70518"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42935"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43119"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43373"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45839"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/70518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-27 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2011-005.html | Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html | ||
| cve@mitre.org | http://secunia.com/advisories/44197 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/44529 | ||
| cve@mitre.org | http://securitytracker.com/id?1025432 | ||
| cve@mitre.org | http://www.debian.org/security/2011/dsa-2225 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/1086 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/1107 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/1188 | ||
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=698916 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2011-005.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44197 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44529 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025432 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2225 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1086 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1188 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=698916 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.10.1 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.12.1 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.16.1 | |
| digium | asterisk | 1.4.16.2 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19.1 | |
| digium | asterisk | 1.4.19.2 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20.1 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21.1 | |
| digium | asterisk | 1.4.21.2 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22.1 | |
| digium | asterisk | 1.4.22.2 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.4.23.2 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24.1 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25.1 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26.1 | |
| digium | asterisk | 1.4.26.2 | |
| digium | asterisk | 1.4.26.3 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27.1 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29.1 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33.1 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39.1 | |
| digium | asterisk | 1.4.39.2 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.16.2 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17.1 | |
| digium | asterisk | 1.6.2.17.2 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | c.1.0 | |
| digium | asterisk | c.1.0 | |
| digium | asterisk | c.1.6 | |
| digium | asterisk | c.1.6.1 | |
| digium | asterisk | c.1.6.2 | |
| digium | asterisk | c.1.8.0 | |
| digium | asterisk | c.1.8.1 | |
| digium | asterisk | c.2.3 | |
| digium | asterisk | c.3.0 | |
| digium | asterisk | c.3.1.0 | |
| digium | asterisk | c.3.1.1 | |
| digium | asterisk | c.3.2.2 | |
| digium | asterisk | c.3.2.3 | |
| digium | asterisk | c.3.3.2 | |
| digium | asterisk | c.3.6.2 | |
| digium | asterisk | c.3.6.3 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.1 | |
| digium | asterisk | 1.6.1.2 | |
| digium | asterisk | 1.6.1.3 | |
| digium | asterisk | 1.6.1.4 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.6 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.8 | |
| digium | asterisk | 1.6.1.9 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.11 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.14 | |
| digium | asterisk | 1.6.1.15 | |
| digium | asterisk | 1.6.1.16 | |
| digium | asterisk | 1.6.1.17 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.21 | |
| digium | asterisk | 1.6.1.22 | |
| digium | asterisk | 1.6.1.23 | |
| digium | asterisk | 1.6.1.24 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
"matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
"matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
"matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
"matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
"matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
"matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
"matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
"matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
"matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*",
"matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*",
"matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*",
"matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*",
"matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*",
"matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*",
"matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
"matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
"matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
"matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "52BE29C5-C2C3-4414-A8E1-4D4D926F6E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "87BBDF0F-7A23-48BA-98BC-0EDEDD2CDDF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections."
},
{
"lang": "es",
"value": "Asterisk Open Source v1.4.x antes de v1.4.40.1, v1.6.1.x antes de v1.6.1.25, v1.6.2.x antes v1.6.2.17.3, y v1.8.x antes de v1.8.3.3 y Asterisk Business Edition Cxx antes vC.3.6 0.4 no restringen el n\u00famero de sesiones no autenticadas a ciertas interfaces, que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de descriptor de archivo y el agotamiento de espacio en disco) a trav\u00e9s de una serie de conexiones TCP."
}
],
"id": "CVE-2011-1507",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-27T00:55:04.523",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44197"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/44529"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025432"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/1188"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/1188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-18 22:14
Modified
2025-04-12 10:46
Severity ?
Summary
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff | Patch | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-002.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2014:078 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/66094 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-23373 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-002.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2014:078 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/66094 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-23373 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.1.0 | |
| digium | certified_asterisk | 1.8.1.0 | |
| digium | certified_asterisk | 1.8.2.0 | |
| digium | certified_asterisk | 1.8.2.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.5.0 | |
| digium | certified_asterisk | 1.8.5.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.14.0 | |
| digium | certified_asterisk | 1.8.14.0 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.1 | |
| digium | asterisk | 1.8.12.2 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.1 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.1 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.1 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.1 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.1 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| fedoraproject | fedora | 19 | |
| fedoraproject | fedora | 20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value."
},
{
"lang": "es",
"value": "channels/chan_sip.c en Asterisk Open Source 1.8.x anterior a 1.8.26.1, 11.8.x anterior a 11.8.1 y 12.1.x anterior a 12.1.1, y Certified Asterisk 1.8.15 anterior a 1.8.15-cert5 y 11.6 anterior a 11.6-cert2, cuando chan_sip tiene cierta configuraci\u00f3n, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de canal y consumo de descriptores de archivo) a trav\u00e9s de una solicitud INVITE con una cabecera (1) Session-Expires o (2) Min-SE con un valor malformado o invalido."
}
],
"id": "CVE-2014-2287",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-18T22:14:38.010",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66094"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-17 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-006.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/532419/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-006.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/532419/100/0/threaded |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.1 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.1 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action."
},
{
"lang": "es",
"value": "Asterisk Open Source 11.x anterior a 11.10.1 y 12.x anterior a 12.3.1 y Certified Asterisk 11.6 anterior a 11.6-cert3 permite a usuarios remotos autenticados Manager ejecutar comandos del sistema arbitrarios a trav\u00e9s de una acci\u00f3n MixMonitor."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"",
"id": "CVE-2014-4046",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-17T14:55:07.893",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28.0 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C675C7BA-65E9-4A0A-9A6D-1EBCBEA1D718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50388096-3988-4931-B67B-156A9603E0EA",
"versionEndExcluding": "1.8.32.1",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDFB271-72DA-4E23-87A0-E50EE633843F",
"versionEndExcluding": "11.14.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
"versionEndExcluding": "12.7.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
"versionEndExcluding": "13.0.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry."
},
{
"lang": "es",
"value": "(1) Los controladores de canales VoIP, (2) DUNDi, y (3) Asterisk Manager Interface (AMI) en Asterisk Open Source 1.8.x anterior a 1.8.32.1, 11.x anterior a 11.14.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 1.8.28 anterior a 1.8.28-cert3 y 11.6 anterior a 11.6-cert8 permite a atacantes remotos evadir las restricciones ACL a trav\u00e9s de un paquete con una fuente IP que no comparte la familia de direcciones como la primera entrada ACL."
}
],
"id": "CVE-2014-8412",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:04.140",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDFB271-72DA-4E23-87A0-E50EE633843F",
"versionEndExcluding": "11.14.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
"versionEndExcluding": "12.7.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
"versionEndExcluding": "13.0.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
},
{
"lang": "es",
"value": "ConfBridge en Asterisk 11.x anterior a 11.14.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 11.6 anterior a 11.6-cert8 permite a usuarios remotos autenticados (1) ganar privilegios a trav\u00e9s de vectores relacionados con un protocolo externo en la funci\u00f3n CONFBRIDGE dialplan o (2) ejecutar comandos del sistema arbitrarios a trav\u00e9s de una acci\u00f3n ConfbridgeStartRecord AMI manipulada."
}
],
"id": "CVE-2014-8417",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:09.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2019-006.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2019-006.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3000F83F-4D47-4BA8-BF35-844C41BFBE18",
"versionEndExcluding": "13.29.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C549ED-B864-47C9-ACD8-C695FC7DAE57",
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43F12809-5F7E-4B99-A028-30B43BAFB5A6",
"versionEndExcluding": "17.0.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC7665A-FF2F-4A20-B695-96C2217D268E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "18C39C0A-7F81-4734-8C1D-4FFDF070F526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F809DB3A-457F-4DEF-9B11-E3FCDF2D8466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1F170494-F60A-42C2-A2CE-1BB5BDCC8200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "2A28B713-6CBB-4F4D-A54B-17758DD35EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B7D110F5-E431-4F31-8723-494D20D9108D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en channels/chan_sip.c en Sangoma Asterisk 13.x antes de 13.29.2, 16.x antes de 16.6.2, y 17.x antes de 17.0.1, y Certified Asterisk 13.21 antes de cert5. Una solicitud SIP puede ser enviada a Asterisk que puede cambiar la direcci\u00f3n IP de un peer SIP. Un REGISTRO no necesita ocurrir, y las llamadas pueden ser secuestradas como resultado. Lo \u00fanico que se necesita conocer es el nombre del peer; los detalles de autenticaci\u00f3n como las contrase\u00f1as no necesitan ser conocidos. Esta vulnerabilidad s\u00f3lo es explotable cuando la opci\u00f3n nat est\u00e1 configurada por defecto, o auto_force_rport"
}
],
"id": "CVE-2019-18790",
"lastModified": "2024-11-21T04:33:34.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T17:15:11.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-09 10:20
Modified
2025-04-11 00:51
Severity ?
Summary
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2012-010.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/50687 | ||
| cve@mitre.org | http://secunia.com/advisories/50756 | ||
| cve@mitre.org | http://www.debian.org/security/2012/dsa-2550 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/54327 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-19992 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-010.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50687 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50756 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2550 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54327 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-19992 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk_business_edition | c.3.1 | |
| digium | asterisk_business_edition | c.3.3 | |
| digium | asterisk_business_edition | c.3.7.4 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asteriske | 1.8.8.0 | |
| digium | asteriske | 1.8.9.1 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.1 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.1 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.1.2 | |
| digium | asterisk | 10.1.3 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.1 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.1 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.1 | |
| digium | asterisk | 10.4.2 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.1 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk_business_edition:c.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E50F92-00C1-4908-AA34-03F0C8B47DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_business_edition:c.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49842130-C25E-43F6-9EC0-A7018AD915B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_business_edition:c.3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F830CEB-2B0B-4713-8C26-9FADE6C47673",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asteriske:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5B9023E8-DB6F-4DE2-BB1E-D941BE279477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asteriske:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6135C4-7930-4DD5-80CD-4DC7F53956D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
},
{
"lang": "es",
"value": "Asterisk Open Source v1.8.x anterior a v1.8.13.1 y v10.x anterior a v10.5.2, Asterisk Business Edition vC.3.x anterior a vC.3.7.5, Certified Asterisk v1.8.11-certx anterior a v1.8.11-cert4, y Asterisk Digiumphones v10.x.x-digiumphones anterior a v10.5.2-digiumphones no maneja una respuesta provisional a una petici\u00f3n SIP reINVITE de forma adecuada, lo que permite a atacantes remotos autenticados provocar una denegaci\u00f3n de servicio (agotamiento de puerto RTP) a trav\u00e9s de sesiones que carecen de repuestas finales."
}
],
"id": "CVE-2012-3863",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-09T10:20:44.823",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/54327"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-09 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html | ||
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2013-004.html | Patch | |
| cve@mitre.org | http://osvdb.org/96691 | ||
| cve@mitre.org | http://seclists.org/bugtraq/2013/Aug/185 | Patch | |
| cve@mitre.org | http://secunia.com/advisories/54534 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/54617 | ||
| cve@mitre.org | http://www.debian.org/security/2013/dsa-2749 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:223 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/62021 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1028956 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-21064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2013-004.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/96691 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2013/Aug/185 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/54534 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/54617 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2749 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:223 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/62021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1028956 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-21064 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.1 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.1 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1224686C-8A1E-40E1-ACB9-87F571641EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B63FB1C5-9704-4C6A-8DE6-2283D1993BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE14D16B-4903-47BD-BCBD-28A8B6B878E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DDE265-B4B9-495A-95F7-0910E8199980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AF5750B-2348-4E35-9F08-27E2385E329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "960521C4-9004-4412-8A38-66240C4B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "El controlador de canal SIP (channel/chan_sip.c) en Asterisk Open Source 1.8.17.x hasta 1.8.22.x, 1.8.23.x (anteriores a 1.8.23.1), y 11.x (anteriores a 11.5.1); y Certified Asterisk 1.8.15 (anteriores a 1.8.15-cert3) y 11.2 (anteriores a 11.2-cert2) permiten a un atacante remoto causar una denegaci\u00f3n de servicio (referencia a puntero nulo, corrupci\u00f3n de memoria y ca\u00edda del demonio) a trav\u00e9s de un ACK con SDP a un canal previamente cerrado. \n\nNOTA: algunos de estos detalles fueron obtenidos de informaci\u00f3n de terceros."
}
],
"id": "CVE-2013-5641",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-09T17:55:06.237",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96691"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54534"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/54617"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/62021"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028956"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-09 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2017-010.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/101760 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27337 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201811-11 | ||
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4076 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2017-010.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101760 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27337 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4076 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88EDB1A9-AC31-4A47-A222-0C4E17274A02",
"versionEndExcluding": "13.18.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861B3BC-A35A-4617-A24E-F88D27DBE3F6",
"versionEndExcluding": "14.7.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "651DC4FA-A4EF-40DC-9B54-3ED928A7531A",
"versionEndExcluding": "15.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233B5A2-E1CE-4B7E-99FA-26369B892B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "F051FE7D-0695-4552-BC1C-836076825606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2E9DFD7C-9ED1-4561-8AFF-69D98E8E398D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "CA8BFAC6-17A7-4B80-B436-0FFA4B9EA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "954376A0-A03C-47D9-BC5E-14B005DB3940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "07BB081F-504D-42E3-9CDE-4005572CA0CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9F379170-DC3B-41B8-B950-7E0E1E6002AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "338BFA7B-AA84-483F-B298-BC932728E0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "0A4D417F-485E-4CAD-8542-A22BBA2869E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "61F70CD2-1727-4955-A81B-8927AEF468ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "A9437455-90FB-4F90-B246-A37E558C9CE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer se descubri\u00f3 en Asterisk Open Source en versiones 13 anteriores a la 13.18.1, versiones 14 anteriores a la 14.7.1 y versiones 15 antes de la 15.1.1 y en Certified Asterisk 13.13 en versiones anteriores a la 13.13-cert7. No se realizan chequeos de tama\u00f1o cuando se configura el campo user para Party B en un CDR. Por ello, es posible que alguien utilice una cadena arbitraria con una longitud larga y escriba m\u00e1s all\u00e1 del final del b\u00fafer de almacenamiento del campo user. NOTA: esta vulnerabilidad es diferente de CVE-2017-7617, que solo trataba del b\u00fafer Party A."
}
],
"id": "CVE-2017-16671",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-09T00:29:00.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101760"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-15 05:15
Modified
2024-11-21 06:54
Severity ?
Summary
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html | ||
| cve@mitre.org | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2022-001.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2022-001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8AB56FA-AEC6-4A6F-B420-DDBF3390379B",
"versionEndIncluding": "16.25.1",
"versionStartIncluding": "16.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
"versionEndExcluding": "18.11.2",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C25BFFCA-90FE-475D-88A7-3BC281B830AF",
"versionEndIncluding": "19.3.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Asterisk versiones hasta 19.x. Cuando es usado STIR/SHAKEN, es posible descargar archivos que no son certificados. Estos archivos pod\u00edan ser mucho m\u00e1s grandes de lo que se esperaba descargar, conllevando a un agotamiento de recursos. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2"
}
],
"id": "CVE-2022-26498",
"lastModified": "2024-11-21T06:54:03.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T05:15:06.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-17 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2016-007.html | Mitigation, Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2016/dsa-3700 | Third Party Advisory | |
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1374733 | Issue Tracking, Patch | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-26272 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2016-007.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3700 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1374733 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-26272 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.1 | |
| digium | asterisk | 11.2.2 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.1 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.1 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.2 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.1 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.1 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.1 | |
| digium | asterisk | 11.14.2 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.1 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.17.0 | |
| digium | asterisk | 11.17.1 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.19.0 | |
| digium | asterisk | 11.20.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.1 | |
| digium | asterisk | 11.21.2 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.0.2 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.1 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.1 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.3.1 | |
| digium | asterisk | 13.3.2 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.6.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.1 | |
| digium | asterisk | 13.7.2 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.1 | |
| digium | asterisk | 13.8.2 | |
| digium | asterisk | 13.9.0 | |
| digium | asterisk | 13.9.1 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.11.0 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8.0 | |
| digium | certified_asterisk | 13.8.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12745DB9-F19D-4507-A9FE-218B7BB29DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6047FB-D1BD-4E21-B6BC-E51374C4B0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D23CE302-AC62-468C-96B3-1EF430825170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFFAE3F-3B78-49DE-8F01-2E439D9A6F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0501E88B-986A-44C6-A6B5-F2CB9087A8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5BA542E-4667-4D9E-BDAE-FED6CA63F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C8E7EC-0D4C-40E2-9EE1-4AB5F03464D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "707296C4-153C-4ACF-B91A-AB5FA42260CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
"matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
"matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
"matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
"matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
"matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*",
"matchCriteriaId": "38E19C8E-9FD6-4A44-81C6-EEC91BC2CB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2016E8F9-542D-46CE-905D-3CBAF97A24A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "CC283754-B316-4BCE-8EEB-63CAFE68D601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D111448-7C39-4A6D-B492-B3D3DCEA8424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A52E12AB-99CA-4A34-A0CA-E8B511636A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB08CB2-8FB4-4738-9B67-C27273A78025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E36EFEF-670E-4659-A887-D497D4AA8223",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion)."
},
{
"lang": "es",
"value": "chain_sip en Asterisk Open Source 11.x en versiones anteriores a 11.23.1 y 13.x 13.11.1 y Certified Asterisk 11.6 en versiones anteriores a 11.6-cert15 y 13.8 en versiones anteriores a 13.8-cert3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento portuario)"
}
],
"id": "CVE-2016-7551",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-17T16:59:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-18 22:14
Modified
2025-04-12 10:46
Severity ?
Summary
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff | Patch | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-004.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-23139 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-004.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-23139 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference."
},
{
"lang": "es",
"value": "res/res_pjsip_exten_state.c en el controlador de canal PJSIP en Asterisk Open Source 12.x anterior a 12.1.0 permite a usuarios remotos autenticados causar una denegaci\u00b4\u00b4on de servicio (ca\u00edda) a trav\u00e9s de una solicitud SUBSCRIBE sin cabeceras Accept, lo que provoca una referencia de puntero invalida."
}
],
"id": "CVE-2014-2289",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-18T22:14:38.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-17 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-005.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/532414/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/532414/100/0/threaded |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.1 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device."
},
{
"lang": "es",
"value": "El Framework Publish/Subscribe en el controlador de canales PJSIP en Asterisk Open Source 12.x anterior a 12.3.1, cuando sub_min_expiry est\u00e9 configurado a cero, permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y ca\u00edda) a trav\u00e9s de una solicitud UNSUBSCRIBE cuando no est\u00e1 suscrito al dispositivo."
}
],
"id": "CVE-2014-4045",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-17T14:55:07.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-30 14:15
Modified
2024-11-21 06:07
Severity ?
Summary
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/Jul/49 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2021-008.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29392 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2021/dsa-4999 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Jul/49 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2021-008.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29392 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4999 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4276A5-AE30-4AE2-9DC2-4742063B1DAA",
"versionEndExcluding": "13.38.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDB7BB2-CA84-4AF4-A91A-37FCDAED7E7D",
"versionEndExcluding": "16.19.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35D9931E-4BDC-4679-A879-21C59F79E85C",
"versionEndExcluding": "17.9.4",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4452C0A6-3082-4F14-96B0-73CC70EF1277",
"versionEndExcluding": "18.15.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
"matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
"matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
"matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Sangoma Asterisk versiones: 13.x anteriores a 13.38.3, versiones 16.x anteriores a 16.19.1, versiones 17.x anteriores a 17.9.4, y versiones 18.x anteriores a 18.5.1, y Certified Asterisk versiones anteriores a 16.8-cert10. Si el controlador del canal IAX2 recibe un paquete que contiene un formato de medios no compatible, puede ocurrir un bloqueo"
}
],
"id": "CVE-2021-32558",
"lastModified": "2024-11-21T06:07:16.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-30T14:15:16.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-12 04:29
Modified
2024-11-21 03:44
Severity ?
Summary
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2018-008.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/104455 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27818 | Patch, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201811-11 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2018-008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104455 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27818 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-11 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.21 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85FB9D68-8BEE-40F5-8175-DC62C0EAFE8F",
"versionEndExcluding": "13.21.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B74E57-BD3C-4C54-A27C-F32DEF133390",
"versionEndExcluding": "14.7.7",
"versionStartExcluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41536B2F-2D75-406D-95CC-64889838F0B1",
"versionEndExcluding": "15.4.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*",
"matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*",
"matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:*",
"matchCriteriaId": "4B0FC294-F910-491B-9DEF-9FFEACA208C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Asterisk Open Source en versiones 13.x anteriores a la 13.21.1; versiones 14.x anteriores a la 14.7.7 y las versiones 15.x anteriores a la 15.4.1, as\u00ed como Certified Asterisk en versiones 13.18-cert anteriores a la 13.18-cert4 y 13.21-cert anteriores a la 13.21-cert2. Cuando las reglas de lista de control de acceso (ACL) espec\u00edficas del endpoint bloquean una petici\u00f3n SIP, responden con un mensaje de error 403 prohibido. Sin embargo, si no se identifica un endpoint, se env\u00eda una respuesta 401 no autorizada. Esta vulnerabilidad s\u00f3lo revela qu\u00e9 peticiones llegan a un endpoint definido. Las reglas de lista de control de acceso (ACL) no pueden omitirse para obtener acceso a los endpoints revelados."
}
],
"id": "CVE-2018-12227",
"lastModified": "2024-11-21T03:44:49.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-12T04:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104455"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-19 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html | ||
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2013-006.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/101100 | ||
| cve@mitre.org | http://secunia.com/advisories/56294 | ||
| cve@mitre.org | http://www.debian.org/security/2014/dsa-2835 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:300 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/64364 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1029499 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/89825 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-22590 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2013-006.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/101100 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56294 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-2835 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:300 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/64364 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029499 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/89825 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-22590 | Exploit, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.1 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.12.0 | |
| digium | asterisk | 10.12.0 | |
| digium | asterisk | 10.12.0 | |
| digium | asterisk | 10.12.1 | |
| digium | asterisk | 10.12.2 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.1 | |
| digium | asterisk_digiumphones | 10.0.0 | |
| digium | asterisk_digiumphones | 10.0.0 | |
| digium | asterisk_digiumphones | 10.0.0 | |
| digium | asterisk_digiumphones | 10.11.0 | |
| digium | asterisk_digiumphones | 10.11.0 | |
| digium | asterisk_digiumphones | 10.11.0 | |
| digium | asterisk_digiumphones | 10.11.0 | |
| digium | asterisk_digiumphones | 10.12.0 | |
| digium | asterisk_digiumphones | 10.12.0 | |
| digium | asterisk_digiumphones | 10.12.0 | |
| digium | asterisk_digiumphones | 10.12.1 | |
| digium | asterisk_digiumphones | 10.12.2 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1224686C-8A1E-40E1-ACB9-87F571641EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B63FB1C5-9704-4C6A-8DE6-2283D1993BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE14D16B-4903-47BD-BCBD-28A8B6B878E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE78F4A2-B165-446C-AA1C-7A9E13718C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD97918-B589-4422-B695-C3C00203A3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1E59E84-F3FF-44FF-BC7D-31F3880E32F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2D9C7006-F5B1-4171-BB44-182C39DE3AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D2B210-3ADA-40AD-A575-DB88A9F71C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7C53CD-260C-49F5-BCA4-E1D0A58E0B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB19B2F7-5685-449F-858C-C226D2A373B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D10B9E8C-3B72-490B-A276-A745299DA3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E63CF763-0682-4453-8D07-C9253C179486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDB7AA1-25A7-4BED-A875-C0494E973EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E0BCE319-8C87-4521-BEAA-02F0EF47B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A2534F0-3DEE-4FCB-B15D-97D1836CE83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D3F38B78-8215-43D6-8C5C-6DB8E6C34F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE54B76B-4713-4281-AB4B-B17901121B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "08EE9963-2A44-48A0-8A1B-919CCE3652FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "19C7B58B-6591-45B5-B527-50FA0A5BD1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05D3825F-3B95-4056-AF3C-43269734BA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "806F60DA-FAA1-4C13-889B-0FF518C01E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DDE265-B4B9-495A-95F7-0910E8199980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AF5750B-2348-4E35-9F08-27E2385E329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "960521C4-9004-4412-8A38-66240C4B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n unpacksms16 en apps/app_sms.c en Asterisk Open Source 1.8.x en versiones anteriores a 1.8.24.1, 10.x en versiones anteriores a 10.12.4 y 11.x en versiones anteriores a 11.6.1; Asterisk con Digiumphones 10.x-digiumphones en versiones anteriores a 10.12.4-digiumphones y Certified Asterisk 1.8.x en versiones anteriores a 1.8.15-cert4 y 11.x en versiones anteriores a 11.2-cert3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de un mensaje 16-bit SMS con un n\u00famero impar de bytes, lo que desencadena un bucle infinito."
}
],
"id": "CVE-2013-7100",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-19T22:55:04.570",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/101100"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/56294"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64364"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1029499"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-31 10:17
Modified
2025-04-09 00:30
Severity ?
Summary
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=185713 | Issue Tracking, Patch | |
| cve@mitre.org | http://ftp.digium.com/pub/asa/ASA-2007-018.pdf | Broken Link, Patch | |
| cve@mitre.org | http://osvdb.org/38197 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/26274 | Broken Link, Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29051 | Broken Link | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200802-11.xml | Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/2960 | Broken Link | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/475069/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/24950 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1018472 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/2701 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=185713 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asa/ASA-2007-018.pdf | Broken Link, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38197 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26274 | Broken Link, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29051 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200802-11.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2960 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/475069/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24950 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018472 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2701 | Broken Link |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "550ACDD4-83E9-470C-A151-51DC311B9C65",
"versionEndExcluding": "1.2.23",
"versionStartIncluding": "1.2.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5AE015-73F0-450E-AAC4-D60BEE3E71A6",
"versionEndExcluding": "1.4.9",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB3B452-3577-44C9-AD6C-14982AD5E4A2",
"versionEndExcluding": "0.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released."
},
{
"lang": "es",
"value": "El controlador de canal IAX2 (chan_iax2) de Asterisk Open 1.2.x anterior a 1.2.23, 1.4.x anterior a 1.4.9, y Asterisk Appliance Developer Kit anterior a 0.6.0, cuando est\u00e1 configurado para permitir llamadas no autenticadas, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) mediante una inundaci\u00f3n de llamadas que no completan la negociaci\u00f3n de 3 pasos, lo cual provoca que se reserve un canal ast_channel pero no se libere."
}
],
"id": "CVE-2007-4103",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2007-07-31T10:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/38197"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26274"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29051"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://securityreason.com/securityalert/2960"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018472"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/2701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/38197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://securityreason.com/securityalert/2960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/2701"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-22 00:29
Modified
2024-11-21 04:11
Severity ?
Summary
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2018-004.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/103151 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1040416 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/44184/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2018-004.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103151 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040416 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44184/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E88E5DD3-A16C-4026-A7E3-02C5C8AEFA0C",
"versionEndIncluding": "13.19.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBC6235-486B-46AE-96C1-A8F5B68A1D96",
"versionEndIncluding": "14.7.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D63485A9-4464-49C7-ACF8-826303D8C152",
"versionEndIncluding": "15.2.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*",
"matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*",
"matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56E4037E-1F6F-4E1A-8549-38219F0A8E91",
"versionEndIncluding": "13.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de desbordamiento de b\u00fafer en Asterisk hasta la versi\u00f3n 13.19.1; versiones 14.x anteriores a la 14.7.5 y las versiones 15.x anteriores a la 15.2.1, as\u00ed como Certified Asterisk hasta la versi\u00f3n 13.18-cert2. Al procesar una petici\u00f3n SUBSCRIBE, el m\u00f3dulo res_pjsip_pubsub almacena los formatos aceptados presentes en las cabeceras Accept de la petici\u00f3n. Este c\u00f3digo no limitaba el n\u00famero de cabeceras que procesaba, a pesar de tener un l\u00edmite fijado en 32. Si estuviesen presentes m\u00e1s de 32 cabeceras Accept, el c\u00f3digo escribir\u00eda fuera de la memoria y provocar\u00eda un cierre inesperado."
}
],
"id": "CVE-2018-7284",
"lastModified": "2024-11-21T04:11:56.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-22T00:29:01.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103151"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040416"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44184/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44184/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 11:30
Modified
2025-04-09 00:30
Severity ?
Summary
rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt | Exploit | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt | Exploit | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt | Exploit | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt | Exploit | |
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2009-010.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/37530 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/37677 | ||
| cve@mitre.org | http://secunia.com/advisories/37708 | ||
| cve@mitre.org | http://securitytracker.com/id?1023249 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1952 | ||
| cve@mitre.org | http://www.osvdb.org/60569 | ||
| cve@mitre.org | http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/508147/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/37153 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/3368 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/54471 | ||
| cve@mitre.org | https://issues.asterisk.org/view.php?id=16242 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2009-010.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37530 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37677 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37708 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023249 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1952 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/60569 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/508147/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37153 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3368 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/54471 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/view.php?id=16242 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.1 | |
| digium | asterisk | 1.2.2 | |
| digium | asterisk | 1.2.2 | |
| digium | asterisk | 1.2.3 | |
| digium | asterisk | 1.2.3 | |
| digium | asterisk | 1.2.10 | |
| digium | asterisk | 1.2.10 | |
| digium | asterisk | 1.2.11 | |
| digium | asterisk | 1.2.11 | |
| digium | asterisk | 1.2.12 | |
| digium | asterisk | 1.2.12 | |
| digium | asterisk | 1.2.12.1 | |
| digium | asterisk | 1.2.12.1 | |
| digium | asterisk | 1.2.13 | |
| digium | asterisk | 1.2.13 | |
| digium | asterisk | 1.2.14 | |
| digium | asterisk | 1.2.15 | |
| digium | asterisk | 1.2.15 | |
| digium | asterisk | 1.2.16 | |
| digium | asterisk | 1.2.16 | |
| digium | asterisk | 1.2.17 | |
| digium | asterisk | 1.2.17 | |
| digium | asterisk | 1.2.18 | |
| digium | asterisk | 1.2.18 | |
| digium | asterisk | 1.2.19 | |
| digium | asterisk | 1.2.19 | |
| digium | asterisk | 1.2.20 | |
| digium | asterisk | 1.2.20 | |
| digium | asterisk | 1.2.21 | |
| digium | asterisk | 1.2.21 | |
| digium | asterisk | 1.2.21.1 | |
| digium | asterisk | 1.2.21.1 | |
| digium | asterisk | 1.2.22 | |
| digium | asterisk | 1.2.22 | |
| digium | asterisk | 1.2.23 | |
| digium | asterisk | 1.2.23 | |
| digium | asterisk | 1.2.24 | |
| digium | asterisk | 1.2.24 | |
| digium | asterisk | 1.2.25 | |
| digium | asterisk | 1.2.25 | |
| digium | asterisk | 1.2.26 | |
| digium | asterisk | 1.2.26 | |
| digium | asterisk | 1.2.26.1 | |
| digium | asterisk | 1.2.26.1 | |
| digium | asterisk | 1.2.26.2 | |
| digium | asterisk | 1.2.26.2 | |
| digium | asterisk | 1.2.27 | |
| digium | asterisk | 1.2.28 | |
| digium | asterisk | 1.2.28.1 | |
| digium | asterisk | 1.2.29 | |
| digium | asterisk | 1.2.30 | |
| digium | asterisk | 1.2.30.1 | |
| digium | asterisk | 1.2.30.2 | |
| digium | asterisk | 1.2.30.3 | |
| digium | asterisk | 1.2.30.4 | |
| digium | asterisk | 1.2.31 | |
| digium | asterisk | 1.2.31.1 | |
| digium | asterisk | 1.2.32 | |
| digium | asterisk | 1.2.33 | |
| digium | asterisk | 1.2.34 | |
| digium | asterisk | 1.2.35 | |
| digium | asterisk | 1.2.36 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.4 | |
| digium | asterisk | 1.4.5 | |
| digium | asterisk | 1.4.6 | |
| digium | asterisk | 1.4.7 | |
| digium | asterisk | 1.4.7.1 | |
| digium | asterisk | 1.4.8 | |
| digium | asterisk | 1.4.9 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.10.1 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.12.1 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.16.1 | |
| digium | asterisk | 1.4.16.2 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19.1 | |
| digium | asterisk | 1.4.19.2 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20.1 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21.1 | |
| digium | asterisk | 1.4.21.2 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22.1 | |
| digium | asterisk | 1.4.22.2 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.4.23.2 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24.1 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25.1 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26.1 | |
| digium | asterisk | 1.4.26.2 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0.1 | |
| digium | asterisk | 1.6.0.2 | |
| digium | asterisk | 1.6.0.3 | |
| digium | asterisk | 1.6.0.3 | |
| digium | asterisk | 1.6.0.4 | |
| digium | asterisk | 1.6.0.5 | |
| digium | asterisk | 1.6.0.6 | |
| digium | asterisk | 1.6.0.7 | |
| digium | asterisk | 1.6.0.8 | |
| digium | asterisk | 1.6.0.9 | |
| digium | asterisk | 1.6.0.10 | |
| digium | asterisk | 1.6.0.11 | |
| digium | asterisk | 1.6.0.11 | |
| digium | asterisk | 1.6.0.11 | |
| digium | asterisk | 1.6.0.14 | |
| digium | asterisk | 1.6.0.14 | |
| digium | asterisk | 1.6.0.15 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.18 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.1 | |
| digium | asterisk | 1.6.1.2 | |
| digium | asterisk | 1.6.1.3 | |
| digium | asterisk | 1.6.1.4 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.6 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.8 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | s800i | 1.3.0 | |
| digium | s800i | 1.3.0.2 | |
| digium | s800i | 1.3.0.3 | |
| digium | s800i | 1.3.0.4 | |
| digium | asterisk | b | |
| digium | asterisk | b.1.3.2 | |
| digium | asterisk | b.1.3.3 | |
| digium | asterisk | b.2.2.0 | |
| digium | asterisk | b.2.2.1 | |
| digium | asterisk | b.2.3.1 | |
| digium | asterisk | b.2.3.2 | |
| digium | asterisk | b.2.3.3 | |
| digium | asterisk | b.2.3.4 | |
| digium | asterisk | b.2.3.5 | |
| digium | asterisk | b.2.3.6 | |
| digium | asterisk | b.2.5.0 | |
| digium | asterisk | b.2.5.1 | |
| digium | asterisk | b.2.5.2 | |
| digium | asterisk | b.2.5.3 | |
| digium | asterisk | c | |
| digium | asterisk | c.2.3 | |
| digium | asterisk | c.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39358795-09A6-44C6-B969-1560CEF40057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8C2DAB51-91ED-43D4-AEA9-7C4661089BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A596A018-2FBC-4CEB-9910-756CC6598679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14BDCF8E-0B68-430A-A463-EE40C1A9AD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CA2CD93E-71A5-49EC-B986-5868C05553EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B66B213-4397-4435-8E48-8ED69AAE13D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55131A3D-C892-44EC-83D6-5888C57B11A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*",
"matchCriteriaId": "E017DD53-B8EC-4EA2-BF59-18C075C5771D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B940EEC6-4451-42B9-A56D-BDB8801B3685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*",
"matchCriteriaId": "CE4AB19F-1338-466D-AAD8-584C79FED1AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*",
"matchCriteriaId": "FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*",
"matchCriteriaId": "7B43C508-91E3-49C9-86F0-3643D8F2B7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*",
"matchCriteriaId": "0831E658-36AB-4A4B-9929-3DB6BE855A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*",
"matchCriteriaId": "46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*",
"matchCriteriaId": "4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*",
"matchCriteriaId": "64D94742-7CA1-487B-90E8-5063FBF88925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "12302460-5D3F-4045-9DBF-606562E03BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*",
"matchCriteriaId": "78546FDF-C843-4E48-ABEE-CC3514AA7C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6EBC0B-9842-44D1-B9D6-EFB88BE22879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*",
"matchCriteriaId": "052969F1-6758-46E8-9273-E0F872BD65BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "624A0F00-4629-4550-847F-F24CC93DFF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*",
"matchCriteriaId": "E473F645-F8B0-43FE-957B-F053427465DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "10FC9AAB-1FAD-4953-A2FC-D42E9687D27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*",
"matchCriteriaId": "460C9907-AA19-402A-85DE-D3CEA98B107B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CD80F0D6-6B5B-41D3-AC41-F1643865088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*",
"matchCriteriaId": "734D5198-53C1-40D3-B5BF-D74FC71FD3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "788DEF5E-8A99-463D-89DC-0CC032271554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*",
"matchCriteriaId": "C0996D7A-9419-4897-A0AF-498AC3A2A81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62D670E6-47E5-4B40-9217-F97D5F39C3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*",
"matchCriteriaId": "94C23DB8-3C92-40FE-B8A6-ADF84D28510E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE7E4E-DA2D-4F03-A226-92965B40AE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*",
"matchCriteriaId": "0C59A947-457E-47EB-832E-3DA70CB52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "55F74B56-B412-4AF1-AED0-C948AB6DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*",
"matchCriteriaId": "3B50ADDB-D3C2-407D-8844-F93866E5F20C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*",
"matchCriteriaId": "F4149B59-E773-4ED8-A71D-EB7D00808819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0408C3-0FA7-4A17-9451-C4D46CDA8F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*",
"matchCriteriaId": "1726090D-0C37-44A4-AD9B-7ED733B8702D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*",
"matchCriteriaId": "54354E16-3238-43E8-BAA9-93CA7EB44D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6867EED4-FC3B-4B72-88A5-DED96C729FE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*",
"matchCriteriaId": "1A0867FC-7161-433F-A416-D7207C8D4D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97BE6B60-3276-4580-843B-743D0D71E3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*",
"matchCriteriaId": "36491B32-A405-4C5B-938F-9BEA50A8AF16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "6141909B-EBC4-4726-AE9F-669C31257A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "754A51AC-EF20-4736-ADDB-D2A70BCB79EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4600BB66-6DEB-444B-AF9E-BDD06CFD2876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EE089E31-3521-4D12-B81C-B6E386AE1409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E9888-16CD-4DB2-8889-CE4477559C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C29C9A2C-6435-444E-A20B-5881F3798B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E77A2569-CFAE-498D-A633-803849CFECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "D16E88E6-42D0-400E-AF43-111B35CE11E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE15A42E-030B-48F0-9498-1755DAAEDFB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "39511726-1202-4179-9708-4D3B28496768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9A4328-F274-4591-A386-943FD6608374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.35:*:*:*:*:*:*:*",
"matchCriteriaId": "CF11B38A-12D7-453A-870D-CDC2DE9313CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.36:*:*:*:*:*:*:*",
"matchCriteriaId": "9D69ACB7-CF9A-40B5-819E-58DA884D4E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
"matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
"matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C7494CE2-D3CC-404D-BE61-09A2E1FB3E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "06E48482-D9AF-4038-80DA-27D9B4907C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9BC3C441-290F-471A-BA19-6B1C4D72A670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "632ED295-B67D-43CF-BF38-CCE04088BA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "50F3835F-6F2B-4EA7-B111-3B3C26548BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "0DCF7BD2-7903-4DC5-ADDC-EFCDC58736C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "E5BECFE0-286F-4DA1-8CA9-6CEE861C3012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*",
"matchCriteriaId": "AFFF3245-2D0F-46E3-A1D6-319086489DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "C91F2524-99D1-4C4B-9A31-21C0FB8B4D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "7B1BC0FF-9DB6-4FCC-A845-053943CF0D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "419D4D16-E790-4872-B9AF-1320978768C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "73D30BA6-1EE0-4C3F-8F69-65C698A1B9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D39FA25D-AB56-470D-94AB-14446DB7D475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F9085056-3BE9-4309-9601-9CA0569BC215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8432455-9064-479F-B060-BF2A74ECC3EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ABAC4CE9-1CFA-4279-B0CE-18F3C6FB9AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E37A0-F739-4EEE-A1BB-EBC558C62767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E2562-D0FC-404C-B725-617AEEF20AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C831EC2A-C99D-4FB1-8E5C-2FF685792F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F37C4158-6C4E-448D-929B-288480748289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBA9D27-E3DC-45CE-B56B-2C6781AA6A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14CD1CCD-DFF2-4813-B56F-EA1C78AA818E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4499411B-C92E-47F3-A6F2-8C9011B1CBCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "57325096-F4D8-4146-A6FD-93219F2C72D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9684FD88-7422-4272-B9BC-D8638B1AA0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "648639A2-26C4-4EDA-A982-25D400836696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9F6FF8-8B88-4A02-B23A-0CADA8CE316E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37DE011D-1C1B-46AC-9265-F82693CE3C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*",
"matchCriteriaId": "790BF14A-0193-4A5C-802B-D82200B22342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "15C4C10F-BD36-491A-87E7-2F072796DA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digium:s800i:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "565444DE-F67C-4B6E-AC1E-92FC0D8A87CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:digium:s800i:1.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80E356B2-4AEA-4532-A6F8-13B814BEB2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:digium:s800i:1.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60F261AB-3172-4245-8090-744294A0D08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:digium:s800i:1.3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DD6B08-D77D-4275-8F91-2CA47FF6E363",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:b:-:business:*:*:*:*:*",
"matchCriteriaId": "564A4529-997D-4615-BED8-AE3FB159689A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*",
"matchCriteriaId": "BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*",
"matchCriteriaId": "D110DCEB-F2F9-4600-B49F-22952C71B785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3333A119-D92F-433C-BF5D-0037199256C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*",
"matchCriteriaId": "19C44C33-EADA-48FD-A634-8066A003AFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "294A2BA2-26EB-40AD-B861-7FA9043CD097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*",
"matchCriteriaId": "4FAC61AF-BDF2-4397-A8F8-9D9155836E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*",
"matchCriteriaId": "33DE61C2-8C6A-4CD3-8D56-E70C4356CD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*",
"matchCriteriaId": "EECB5F75-BCE2-4777-933E-25EB5657750C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*",
"matchCriteriaId": "B5D51557-3E67-4C9A-9753-472D13FCA5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*",
"matchCriteriaId": "C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*",
"matchCriteriaId": "761DB3A3-1540-4976-AEB2-F8E45CCCC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*",
"matchCriteriaId": "B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*",
"matchCriteriaId": "947F58B8-21AF-460B-8203-D2605A1F91D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c:-:business:*:*:*:*:*",
"matchCriteriaId": "7CD989BE-8FA0-4EDB-8442-C2E12BD01D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length."
},
{
"lang": "es",
"value": "rtp.c en Asterisk Open Source v1.2.x anterior a v1.2.37, v1.4.x anterior a v1.4.27.1, v1.6.0.x anterior a v1.6.0.19, y v1.6.1.x anterior a v1.6.1.11; Business Edition B.x.x anterior a B.2.5.13, C.2.x.x anterior a C.2.4.6, y C.3.x.x anterior a C.3.2.3; y s800i v1.3.x anterior a v1.3.0.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s una carga \u00fatil del RTP ruido de confort con una larga longitud de datos."
}
],
"id": "CVE-2009-4055",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-02T11:30:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37530"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37677"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37708"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023249"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/60569"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37153"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3368"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/view.php?id=16242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/60569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/view.php?id=16242"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-23 19:29
Modified
2024-11-21 02:58
Severity ?
Summary
asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote)."
},
{
"lang": "es",
"value": "asterisk versi\u00f3n 13.10.0, se ve afectado por: problemas de Denegaci\u00f3n de Servicio en asterisk. El impacto es: provocar una Denegaci\u00f3n de Servicio (remota)."
}
],
"id": "CVE-2016-7550",
"lastModified": "2024-11-21T02:58:11.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-23T19:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-19 20:15
Modified
2024-11-21 05:56
Severity ?
Summary
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2021-004.html | Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29205 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2021-004.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29205 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
"versionEndExcluding": "16.16.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
"versionEndExcluding": "17.9.2",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8661F7-03A5-4850-BEF7-E306AECE3037",
"versionEndExcluding": "18.2.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en el archivo res_rtp_asterisk.c en Sangoma Asterisk versiones anteriores a 16.16.1, versiones 17.x anteriores a 17.9.2 y versiones 18.x anteriores a 18.2.1 y Certified Asterisk versiones anteriores a 16.8-cert6, permite a un cliente WebRTC autenticado causar un bloqueo de Asterisk mediante el env\u00edo de m\u00faltiples peticiones de hold/unhold en una sucesi\u00f3n r\u00e1pida.\u0026#xa0;Esto es causado por una discrepancia en la comparaci\u00f3n de firmas"
}
],
"id": "CVE-2021-26713",
"lastModified": "2024-11-21T05:56:43.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T20:15:13.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 18:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2019-007.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2019-007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3000F83F-4D47-4BA8-BF35-844C41BFBE18",
"versionEndExcluding": "13.29.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C549ED-B864-47C9-ACD8-C695FC7DAE57",
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43F12809-5F7E-4B99-A028-30B43BAFB5A6",
"versionEndExcluding": "17.0.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC7665A-FF2F-4A20-B695-96C2217D268E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "18C39C0A-7F81-4734-8C1D-4FFDF070F526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F809DB3A-457F-4DEF-9B11-E3FCDF2D8466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1F170494-F60A-42C2-A2CE-1BB5BDCC8200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "2A28B713-6CBB-4F4D-A54B-17758DD35EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B7D110F5-E431-4F31-8723-494D20D9108D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo manager.c en Sangoma Asterisk versiones hasta 13.x, 16.x, 17.x y Certified Asterisk versiones 13.21 hasta 13.21-cert4. Un usuario de Asterisk Manager Interface (AMI) autenticado remoto sin autorizaci\u00f3n del sistema podr\u00eda usar una petici\u00f3n Originate AMI especialmente dise\u00f1ada para ejecutar comandos arbitrarios del sistema."
}
],
"id": "CVE-2019-18610",
"lastModified": "2024-11-21T04:33:21.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T18:15:11.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-30 07:15
Modified
2024-11-21 06:34
Severity ?
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2021-006.html | Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2021-006.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "335EF1B5-AD89-48E2-AB2C-BF376BC36F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D5A9E8-239F-492C-95AD-7CF2AB964D87",
"versionEndExcluding": "16.16.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA36883-D695-47A1-8CA7-2F128BFA194D",
"versionEndExcluding": "17.9.3",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DEE180D-A041-42AB-AE5E-DDBD9CF0AACF",
"versionEndExcluding": "18.2.2",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
},
{
"lang": "es",
"value": "La funci\u00f3n res_pjsip_t38 en Sangoma Asterisk versiones 16.x anteriores a 16.16.2, 17.x anteriores a 17.9.3, y 18.x anteriores a 18.2.2, y Certified Asterisk anteriores a 16.8-cert7, permite a un atacante desencadenar un fallo mediante el env\u00edo de una l\u00ednea m=image y un puerto cero en una respuesta a una Re invitaci\u00f3n T.38 iniciada por Asterisk. Se trata de una reaparici\u00f3n de los s\u00edntomas de la CVE-2019-15297 pero no exactamente por el mismo motivo. El fallo es producido porque se presenta una operaci\u00f3n de append relativa a la topolog\u00eda activa, pero deber\u00eda ser en cambio una operaci\u00f3n de replace"
}
],
"id": "CVE-2021-46837",
"lastModified": "2024-11-21T06:34:47.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T07:15:07.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-18 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff | ||
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2012-003.pdf | Vendor Advisory | |
| secalert@redhat.com | http://osvdb.org/80126 | ||
| secalert@redhat.com | http://secunia.com/advisories/48417 | Vendor Advisory | |
| secalert@redhat.com | http://www.asterisk.org/node/51797 | Vendor Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/03/16/10 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/03/16/17 | ||
| secalert@redhat.com | http://www.securitytracker.com/id?1026813 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/74083 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-003.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80126 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48417 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/node/51797 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/03/16/10 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/03/16/17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1026813 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74083 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.1 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.1.2 | |
| digium | asterisk | 10.1.3 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header."
},
{
"lang": "es",
"value": "Vulnerabilidad de desboramiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n ast_parse_digest en main/utils.c en Asterisk v1.8.x antes de v1.8.10.1 y v10.x antes de v10.2.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena larga en una cabecera HTTP Digest Authentication"
}
],
"id": "CVE-2012-1184",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-18T18:55:04.270",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-003.pdf"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/80126"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48417"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.asterisk.org/node/51797"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1026813"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-003.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.asterisk.org/node/51797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74083"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-02 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html | Broken Link | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2012-007.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/49303 | Not Applicable | |
| cve@mitre.org | http://www.debian.org/security/2012/dsa-2493 | Third Party Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id?1027102 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-007.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49303 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2493 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027102 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 6.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.1 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.1.2 | |
| digium | asterisk | 10.1.3 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.1 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.1 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
},
{
"lang": "es",
"value": "chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, cuando una determinada opci\u00f3n mohinterpret est\u00e1 habilitada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de demonio) mediante la colocaci\u00f3n de una llamada en espera."
}
],
"id": "CVE-2012-2947",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-02T15:55:00.983",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/49303"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/49303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027102"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-014.html | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2014/Nov/67 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-014.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Nov/67 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "6A0AB389-2564-4C10-86EB-130672C62AC1",
"versionEndIncluding": "11.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media."
},
{
"lang": "es",
"value": "ConfBridge en Asterisk 11.x anterior a 11.14.1 y Certified Asterisk 11.6 anterior a 11.6-cert8 no maneja debida mente los cambios de estado, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue de canal y consumo de memoria) al causar que transiciones se retrasen, lo que provoca un cambio de estado de estar colgado a estar esperado medios."
}
],
"id": "CVE-2014-8414",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:06.403",
"references": [
{
"source": "cve@mitre.org",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-06 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff | Patch | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-011.html | Vendor Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id?1025734 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-011.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025734 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.16.2 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17.1 | |
| digium | asterisk | 1.6.2.17.2 | |
| digium | asterisk | 1.6.2.17.3 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.18.1 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.4 | |
| digium | asterisk | 1.4.5 | |
| digium | asterisk | 1.4.6 | |
| digium | asterisk | 1.4.7 | |
| digium | asterisk | 1.4.7.1 | |
| digium | asterisk | 1.4.8 | |
| digium | asterisk | 1.4.9 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.10.1 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.12.1 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.16.1 | |
| digium | asterisk | 1.4.16.2 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19.1 | |
| digium | asterisk | 1.4.19.2 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20.1 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21.1 | |
| digium | asterisk | 1.4.21.2 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22.1 | |
| digium | asterisk | 1.4.22.2 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.4.23.2 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24.1 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25.1 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26.1 | |
| digium | asterisk | 1.4.26.2 | |
| digium | asterisk | 1.4.26.3 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27.1 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29.1 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33.1 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39.1 | |
| digium | asterisk | 1.4.39.2 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40.1 | |
| digium | asterisk | 1.4.40.2 | |
| digium | asterisk | 1.4.41 | |
| digium | asterisk | 1.4.41 | |
| digium | asterisk | 1.4.41.1 | |
| digium | asterisk | c.3.0 | |
| digium | asterisk | c.3.1.0 | |
| digium | asterisk | c.3.1.1 | |
| digium | asterisk | c.3.2.2 | |
| digium | asterisk | c.3.2.3 | |
| digium | asterisk | c.3.3.2 | |
| digium | asterisk | c.3.6.2 | |
| digium | asterisk | c.3.6.3 | |
| digium | asterisk | c.3.6.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA6B65B-1D93-4028-BD85-8879D310B896",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
"matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
"matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
"matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
"matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
"matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
"matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
"matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
"matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
"matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F745AF0A-D6A6-4429-BBBE-347BF41999BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC44F61B-AB96-4643-899B-19B9E3B4F05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*",
"matchCriteriaId": "F788A255-CF21-424F-9F30-8A744CC16740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92B8AA8E-D49B-4AD7-8AFC-BD4F9E9C7A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0606F179-8817-4124-B92B-CD868B216320",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
"matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
"matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
"matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*",
"matchCriteriaId": "9ED68059-F0E5-4B1B-B633-466D92F38346",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests."
},
{
"lang": "es",
"value": "chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.4.x anteriores a v1.4.41.2, v1.6.2.x anteriores a v1.6.2.18.2, y v1.8.x anteriores a v1.8.4.4, y Asterisk Business Edition vC.3.x anteriores a vC.3.7.3,no tiene en cuenta la opci\u00f3n alwaysauthreject y genera diferentes respuestas no v\u00e1lidas para solicitudes SIP en funci\u00f3n de si la cuenta de usuario existe, lo que permite a atacantes remotos enumerar los nombres de cuenta a trav\u00e9s de una serie de peticiones."
}
],
"id": "CVE-2011-2536",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-06T19:55:03.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025734"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-23 17:07
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12 | Patch | |
| cve@mitre.org | http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 | Patch | |
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html | ||
| cve@mitre.org | http://secunia.com/advisories/22480 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/22651 | ||
| cve@mitre.org | http://secunia.com/advisories/22979 | ||
| cve@mitre.org | http://secunia.com/advisories/23212 | ||
| cve@mitre.org | http://securitytracker.com/id?1017089 | Patch | |
| cve@mitre.org | http://www.asterisk.org/node/109 | Patch | |
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/521252 | US Government Resource | |
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_69_asterisk.html | ||
| cve@mitre.org | http://www.osvdb.org/29972 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/449127/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/449183/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/20617 | Exploit, Patch | |
| cve@mitre.org | http://www.us.debian.org/security/2006/dsa-1229 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/4097 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/29663 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22480 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22651 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22979 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23212 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017089 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/node/109 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/521252 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_69_asterisk.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/29972 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449127/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449183/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/20617 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us.debian.org/security/2006/dsa-1229 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4097 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/29663 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 0.1.7 | |
| digium | asterisk | 0.1.8 | |
| digium | asterisk | 0.1.9 | |
| digium | asterisk | 0.1.9.1 | |
| digium | asterisk | 0.2 | |
| digium | asterisk | 0.3 | |
| digium | asterisk | 0.4 | |
| digium | asterisk | 0.7 | |
| digium | asterisk | 0.7.1 | |
| digium | asterisk | 0.7.2 | |
| digium | asterisk | 0.9 | |
| digium | asterisk | 1.0 | |
| digium | asterisk | 1.0.7 | |
| digium | asterisk | 1.0.8 | |
| digium | asterisk | 1.0.9 | |
| digium | asterisk | 1.0.10 | |
| digium | asterisk | 1.0.11 | |
| digium | asterisk | 1.2.6 | |
| digium | asterisk | 1.2.7 | |
| digium | asterisk | 1.2.8 | |
| digium | asterisk | 1.2.9 | |
| digium | asterisk | 1.2.10 | |
| digium | asterisk | 1.2.11 | |
| digium | asterisk | 1.2.12 | |
| digium | asterisk | 1.2_beta1 | |
| digium | asterisk | 1.2_beta2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8C08E661-23D9-437F-844F-6BE8183CF3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D030C12-C2C6-4714-B776-2EF7ECF1A591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5A8210-2E7C-465C-9751-CB362AADC224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82621C2B-B5F0-4E70-A619-0213005DADB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9750B74B-F766-4869-880B-4E5E41D90533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "33DCA1D9-0D47-4F0A-A78F-F85FADE0C9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC453F5-C46A-45E9-B7DE-3C5BF752F305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "23472323-E37F-4946-A0D6-DB7FB96E9388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16FC9C13-ADDD-4F09-B977-EE0DEF598B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C20296F-F70A-4D3C-A062-B6054617841C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7FF734-C669-4944-B813-2B18C206D5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "120823D3-72A0-41A2-8BEB-984B3FC5E4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8679FD-B2E5-46F6-B20C-F109B9706C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E951589C-CF17-49C7-B12E-303AD07800E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FAB63F-B9F8-4D39-AEE9-BC0E54BAA944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC20315-40B5-4DA1-AC49-E911C03AEA6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n get_input en el controlador de canal Skinny (chan_skinny.c) en Asterisk 1.0.x anteriores a 1.0.12 y 1.2.x anteriores a 1.2.13, utilizados en los tel\u00e9fonos Cisco SCCP, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un cierto valor dlen que pasa una comparaci\u00f3n de entero con signo y lleva a un desbordamiento de b\u00fafer basado en mont\u00f3n."
}
],
"evaluatorSolution": "Failed exploit attempts will likely crash the server, denying further service to legitimate users.\r\nThis vulnerability is addressed in the following product releases:\r\nAsterisk, Asterisk, 1.0.12 or later\r\nAsterisk, Asterisk, 1.2.13 or later",
"id": "CVE-2006-5444",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-23T17:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22480"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22651"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22979"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23212"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1017089"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.asterisk.org/node/109"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/521252"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29972"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/20617"
},
{
"source": "cve@mitre.org",
"url": "http://www.us.debian.org/security/2006/dsa-1229"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4097"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1017089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.asterisk.org/node/109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/521252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/20617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us.debian.org/security/2006/dsa-1229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-24 20:04
Modified
2025-04-03 01:03
Severity ?
Summary
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://labs.musecurity.com/advisories/MU-200608-01.txt | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/22651 | ||
| cve@mitre.org | http://securitytracker.com/id?1016742 | Patch | |
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/444322/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/19683 | Patch | |
| cve@mitre.org | http://www.sineapps.com/news.php?rssid=1448 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/3372 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28544 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28564 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.musecurity.com/advisories/MU-200608-01.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22651 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016742 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/444322/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19683 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.sineapps.com/news.php?rssid=1448 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3372 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28544 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28564 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable."
},
{
"lang": "es",
"value": "Asterisk 1.2.10 soporta el uso de variables controladas por cliente para determinar los nombres de archivo en la funci\u00f3n Record, lo que permite a atacantes remotos (1) ejecutar c\u00f3digo mediante especificadores de cadena de formato o (2) sobrescribir archivos mediante saltos de directorio relacionados con vectores no especificados, como se ha demostrado mediante la variable CALLERIDNAME."
}
],
"id": "CVE-2006-4346",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-24T20:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22651"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016742"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19683"
},
{
"source": "cve@mitre.org",
"url": "http://www.sineapps.com/news.php?rssid=1448"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sineapps.com/news.php?rssid=1448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-10 15:00
Modified
2025-04-12 10:46
Severity ?
Summary
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://advisories.mageia.org/MGASA-2015-0153.html | ||
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2015-003.html | Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html | ||
| cve@mitre.org | http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2015/Apr/22 | ||
| cve@mitre.org | http://www.debian.org/security/2016/dsa-3700 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2015:206 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/535222/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/74022 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1032052 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2015-0153.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2015-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2015/Apr/22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3700 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:206 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/535222/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032052 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.1 | |
| digium | asterisk | 1.8.12.2 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.1 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.1 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.1 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.1 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.1 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.1 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.28.0 | |
| digium | asterisk | 1.8.28.0 | |
| digium | asterisk | 1.8.28.1 | |
| digium | asterisk | 1.8.28.2 | |
| digium | asterisk | 1.8.32.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.1 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.17.0 | |
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.1 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.1 | |
| digium | asterisk | 12.3.2 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.1 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.1 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.3.1 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.1.0 | |
| digium | certified_asterisk | 1.8.1.0 | |
| digium | certified_asterisk | 1.8.2.0 | |
| digium | certified_asterisk | 1.8.2.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.5.0 | |
| digium | certified_asterisk | 1.8.5.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.14.0 | |
| digium | certified_asterisk | 1.8.14.0 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28.0 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 13.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "236D459B-ED50-4A2F-B463-D2F9DD1C7E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EEB00A-68B0-4CDE-B625-AB83B1D6D2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "72195459-404F-423E-A78C-DE2A728AFDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D23CE302-AC62-468C-96B3-1EF430825170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "6DEF3D58-73E0-402A-A15F-05CA72B5B288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5BA542E-4667-4D9E-BDAE-FED6CA63F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C8E7EC-0D4C-40E2-9EE1-4AB5F03464D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert10:*:*:*:*:*:*",
"matchCriteriaId": "27E0B1E7-1DA3-47C4-AA2A-54D4C2C48A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
"matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
"matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
"matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*",
"matchCriteriaId": "F76EA1D5-F5F3-49CE-9A73-20FA03C31F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert6:*:*:*:*:*:*",
"matchCriteriaId": "593ED9E3-D56C-4336-976B-27D30EED658A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "92AC8BBA-6487-449D-A070-2450B1BDE8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "A5DCA653-B269-4C8C-97DD-92514461B090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C675C7BA-65E9-4A0A-9A6D-1EBCBEA1D718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
},
{
"lang": "es",
"value": "Asterisk Open Source 1.8 anterior a 1.8.32.3, 11.x anterior a 11.17.1, 12.x anterior a 12.8.2, y 13.x anterior a 13.3.2 y Certified Asterisk 1.8.28 anterior a 1.8.28-cert5, 11.6 anterior a 11.6-cert11, y 13.1 anterior a 13.1-cert2, cuando registra un dispositivo SIP TLS, no maneja correctamente un byte nulo en un nombre de dominio en el campo Common Name (CN) del sujeto de un certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL arbitrarios a trav\u00e9s de un certificado manipulado emitido por una autoridad de certificaci\u00f3n leg\u00edtima."
}
],
"id": "CVE-2015-3008",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-04-10T15:00:10.240",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74022"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032052"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-09-17 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.atstake.com/research/advisories/2003/a090403-1.txt | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.atstake.com/research/advisories/2003/a090403-1.txt | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el get_msg_text de chan_sip.c en el protocolo de iniciaci\u00f3n de sesi\u00f3n de entregas de Asterisk anteriores al 15/08/2003, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante ciertas peticiones MESSAGE o INFO."
}
],
"id": "CVE-2003-0761",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-09-17T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-30 20:00
Modified
2025-04-09 00:30
Severity ?
Summary
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2009-004.html | Vendor Advisory | |
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt | Exploit | |
| cve@mitre.org | http://osvdb.org/56571 | ||
| cve@mitre.org | http://secunia.com/advisories/36039 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/35837 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1022608 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/2067 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/52046 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2009-004.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/56571 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36039 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35837 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022608 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2067 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/52046 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer."
},
{
"lang": "es",
"value": "main/rtp.c en Asterisk Open Source v1.6.1 anterior v1.6.1.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un marco de texto RTP sin un determinado delimitador, lo que provoca una deferencia a puntero NULL y su consecuente c\u00e1lculo no v\u00e1lido de puntero."
}
],
"id": "CVE-2009-2651",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-30T20:00:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/56571"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36039"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35837"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022608"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2067"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/56571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-18 22:14
Modified
2025-04-12 10:46
Severity ?
Summary
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff | Patch | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-003.html | Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-23210 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-23210 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request."
},
{
"lang": "es",
"value": "El controlador de canal PJSIP en Asterisk Open Source 12.x anterior a 12.1.1, cuando qualify_frequency \"est\u00e1 habilitado en un AOR y el servidor SIP remoto desaf\u00eda para autenticaci\u00f3n de la solicitud OPTIONS resultante,\" permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un Endpoint de PJSIP que no tiene una solicitud saliente asociada."
}
],
"id": "CVE-2014-2288",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-18T22:14:38.087",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-12 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff | Patch, Vendor Advisory | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff | Patch, Vendor Advisory | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2016-008.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94792 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1037407 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-26579 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2016-008.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94792 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037407 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-26579 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Asterisk Open Source 13.12.x y 13.13.x en versiones anteriores 13.13.1 y 14.x en versiones anteriores 14.2.1. Si se recibe una prueba o respuesta SDP con el codec Opus y con los par\u00e1metros de formato separados usando un espacio de c\u00f3digo responsable de an\u00e1lisis llamar\u00e1 a si mismo de forma recursiva hasta que se bloquee. Esto ocurre cuando el c\u00f3digo no maneja adecuadamente los espacios que separan los par\u00e1metros. Esto NO requiere que el punto final tenga Opus configurado en Asterisk. Esto tampoco requiere que el punto final est\u00e9 autenticado. Si el invitado est\u00e1 habilitado para chan_sip o an\u00f3nimo en chan_pjsip una prueba o respuesta SDP se sigue procesando y se produce el bloqueo."
}
],
"id": "CVE-2016-9937",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-12T21:59:00.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94792"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037407"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-07 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/20497 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/20658 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/20899 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/21222 | Vendor Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1016236 | Patch | |
| cve@mitre.org | http://www.asterisk.org/node/95 | ||
| cve@mitre.org | http://www.debian.org/security/2006/dsa-1126 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_38_security.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/436127/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/436671/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/18295 | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/2181 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27045 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20497 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20658 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20899 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21222 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016236 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/node/95 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1126 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_38_security.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/436127/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/436671/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18295 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2181 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27045 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8679FD-B2E5-46F6-B20C-F109B9706C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "C656168D-7D6A-4E84-9196-A8B170E1F7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nAsterisk, Asterisk, 1.2.9 \r\nAsterisk, Asterisk, 1.0.11",
"id": "CVE-2006-2898",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-07T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20497"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20658"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20899"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21222"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016236"
},
{
"source": "cve@mitre.org",
"url": "http://www.asterisk.org/node/95"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1126"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18295"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2181"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.asterisk.org/node/95"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-17 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-007.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/532415/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/532415/100/0/threaded |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.1 | |
| digium | asterisk | 1.8.12.2 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.1 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.1 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.1 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.1 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.1 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.1 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.28.0 | |
| digium | asterisk | 1.8.28.0 | |
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.1 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.1 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*",
"matchCriteriaId": "F76EA1D5-F5F3-49CE-9A73-20FA03C31F88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections."
},
{
"lang": "es",
"value": "Asterisk Open Source 1.8.x anterior a 1.8.28.1, 11.x anterior a 11.10.1 y 12.x anterior a 12.3.1 y Certified Asterisk 1.8.15 anterior a 1.8.15-cert6 y 11.6 anterior a 11.6-cert3 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de conexi\u00f3n) a trav\u00e9s de un n\u00famero grande de conexiones HTTP (1) inactivas o (2) incompletas."
}
],
"id": "CVE-2014-4047",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-17T14:55:07.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-02 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-006.html | Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3964 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1039252 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.debian.org/873908 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27103 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201710-29 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-006.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3964 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039252 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/873908 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27103 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-29 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.0.2 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.1 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.1 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.3.2 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.6.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.1 | |
| digium | asterisk | 13.7.2 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.1 | |
| digium | asterisk | 13.8.2 | |
| digium | asterisk | 13.9.0 | |
| digium | asterisk | 13.9.1 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.11.0 | |
| digium | asterisk | 13.11.1 | |
| digium | asterisk | 13.11.2 | |
| digium | asterisk | 13.12 | |
| digium | asterisk | 13.12.0 | |
| digium | asterisk | 13.12.1 | |
| digium | asterisk | 13.12.2 | |
| digium | asterisk | 13.13 | |
| digium | asterisk | 13.13.0 | |
| digium | asterisk | 13.13.1 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.1 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.1 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.17.0 | |
| digium | asterisk | 13.17.0 | |
| digium | asterisk | 14.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.1 | |
| digium | asterisk | 14.0.2 | |
| digium | asterisk | 14.1 | |
| digium | asterisk | 14.01 | |
| digium | asterisk | 14.1.0 | |
| digium | asterisk | 14.1.1 | |
| digium | asterisk | 14.1.2 | |
| digium | asterisk | 14.02 | |
| digium | asterisk | 14.2 | |
| digium | asterisk | 14.2.0 | |
| digium | asterisk | 14.2.1 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.1 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.1 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.6.0 | |
| digium | asterisk | 14.6.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.1 | |
| digium | asterisk | 11.2.2 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.1 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.2 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.1 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.1 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.1 | |
| digium | asterisk | 11.14.2 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.1 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.17.0 | |
| digium | asterisk | 11.17.1 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.19.0 | |
| digium | asterisk | 11.20.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.1 | |
| digium | asterisk | 11.21.2 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 11.23.1 | |
| digium | asterisk | 11.24.0 | |
| digium | asterisk | 11.24.1 | |
| digium | asterisk | 11.25.0 | |
| digium | asterisk | 11.25.1 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7FC3A1-AFB0-4280-BFC5-68F61CFD0AF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
"matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
"matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
"matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
"matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc1:*:*:*:*:*:*",
"matchCriteriaId": "DDC801D4-7A69-4855-8757-24ACE70D784B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc2:*:*:*:*:*:*",
"matchCriteriaId": "60C2B8F0-7722-48B5-89AA-435F52CBC0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
"matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
"matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
"matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
"matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection."
},
{
"lang": "es",
"value": "En Asterisk 11.x en versiones anteriores a la 11.25.2, 13.x en versiones anteriores a la 13.17.1, y 14.x en versiones anteriores a la 14.6.1 y Certified Asterisk 11.x en versiones anteriores a la 11.6-cert17 y 13.x en versiones anteriores a la 13.13-cert5, es ejecutar comandos sin autorizaci\u00f3n. El m\u00f3dulo app_minivm tiene una opci\u00f3n de configuraci\u00f3n de programa \"externnotify\" que es ejecutada por la aplicaci\u00f3n dialplan MinivmNotify. La aplicaci\u00f3n emplea el nombre y el n\u00famero caller-id como parte de una cadena integrada pasada al shell del sistema operativopara su interpretaci\u00f3n y ejecuci\u00f3n. Debido a que el nombre y el n\u00famero caller-id pueden proceder de una fuente no confiable, un nombre o n\u00famero caller-id permite una inyecci\u00f3n arbitraria de comandos shell."
}
],
"id": "CVE-2017-14100",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-02T16:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039252"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873908"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-02 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-007.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/100583 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1039253 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.debian.org/873909 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27152 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100583 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039253 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/873909 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27152 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.0.2 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.1 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.1 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.3.2 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.6.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.1 | |
| digium | asterisk | 13.7.2 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.1 | |
| digium | asterisk | 13.8.2 | |
| digium | asterisk | 13.9.0 | |
| digium | asterisk | 13.9.1 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.11.0 | |
| digium | asterisk | 13.11.1 | |
| digium | asterisk | 13.11.2 | |
| digium | asterisk | 13.12 | |
| digium | asterisk | 13.12.0 | |
| digium | asterisk | 13.12.1 | |
| digium | asterisk | 13.12.2 | |
| digium | asterisk | 13.13 | |
| digium | asterisk | 13.13.0 | |
| digium | asterisk | 13.13.1 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.1 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.1 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.17.0 | |
| digium | asterisk | 13.17.0 | |
| digium | asterisk | 14.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.1 | |
| digium | asterisk | 14.0.2 | |
| digium | asterisk | 14.1 | |
| digium | asterisk | 14.01 | |
| digium | asterisk | 14.1.0 | |
| digium | asterisk | 14.1.1 | |
| digium | asterisk | 14.1.2 | |
| digium | asterisk | 14.02 | |
| digium | asterisk | 14.2 | |
| digium | asterisk | 14.2.0 | |
| digium | asterisk | 14.2.1 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.1 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.1 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.6.0 | |
| digium | asterisk | 14.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash."
},
{
"lang": "es",
"value": "En el controlador de canal pjsip (res_pjsip) en Asterisk 13.x en versiones anteriores a la 13.17.1 y 14.x en versiones anteriores a la 14.6.1, una URI tel cuidadosamente manipulada en un encabezado From, To, o Contact podr\u00eda provocar el bloqueo de Asterisk."
}
],
"id": "CVE-2017-14098",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-02T16:29:00.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100583"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039253"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873909"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-09-22 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.atstake.com/research/advisories/2003/a091103-1.txt | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.atstake.com/research/advisories/2003/a091103-1.txt | Exploit, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8C08E661-23D9-437F-844F-6BE8183CF3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D030C12-C2C6-4714-B776-2EF7ECF1A591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5A8210-2E7C-465C-9751-CB362AADC224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82621C2B-B5F0-4E70-A619-0213005DADB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9750B74B-F766-4869-880B-4E5E41D90533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "33DCA1D9-0D47-4F0A-A78F-F85FADE0C9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC453F5-C46A-45E9-B7DE-3C5BF752F305",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de SQL en la funcionalidad de registro Call Detail Record (CDR) de Asterisk permite a atacantes remotos ejecutra SQL arbitrario mediante una cadena CallerID."
}
],
"id": "CVE-2003-0779",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-09-22T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-06 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff | Patch | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-009.html | Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html | ||
| cve@mitre.org | http://secunia.com/advisories/45048 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/45201 | ||
| cve@mitre.org | http://secunia.com/advisories/45239 | ||
| cve@mitre.org | http://www.debian.org/security/2011/dsa-2276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-009.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45048 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45201 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45239 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2276 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a \u003c (less than) character."
},
{
"lang": "es",
"value": "reqresp_parser.c en el controlador de canal SIP en Asterisk Open Source v1.8.x anteriores a v1.8.4.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y ca\u00edda del demonio) a trav\u00e9s de un paquete SIP con una cabecera Contact que carece de un car\u00e1cter \u003c (menos que)."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2011-2665",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-06T19:55:03.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45048"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/45201"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/45239"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2276"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-010.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-010.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B53364B-5278-46E9-961A-192CA334CB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application."
},
{
"lang": "es",
"value": "Asterisk Open Source 11.x anterior a 11.12.1 y 12.x anterior a 12.5.1 y Certified Asterisk 11.6 anterior a 11.6-cert6, cuando utilizan el m\u00f3dulo res_fax_spandsp, permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un mensaje fuera de llamada (out of call), lo que no se maneja correctamente en la aplicaci\u00f3n ReceiveFax dialplan."
}
],
"id": "CVE-2014-6610",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-26T15:59:02.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-27 17:08
Modified
2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-014.html | Vendor Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id/1040056 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27480 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201811-11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040056 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27480 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-11 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE78C41-D7BE-4910-BB77-3DFB63690382",
"versionEndIncluding": "13.18.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A845013E-DD73-45F2-A962-6F0A580A4E95",
"versionEndIncluding": "14.7.4",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09447B7F-89BA-4FD5-8E6F-A166681A22F7",
"versionEndIncluding": "15.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*",
"matchCriteriaId": "38E19C8E-9FD6-4A44-81C6-EEC91BC2CB58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Asterisk en versiones 13.18.4 y anteriores, 14.7.4 y anteriores, 15.1.4 y anteriores y 13.18-cert1 y anteriores. Un conjunto de mensajes SIP seleccionados crean un di\u00e1logo en Asterisk. Estos mensajes SIP deben contener una cabecera contact. Para estos mensajes, si la cabecera no estuviera presente y se utilizase el controlador de canal PJSIP, Asterisk se cerrar\u00eda de forma inesperada. La gravedad de esta vulnerabilidad se mitiga en cierta medida habilitando la autenticaci\u00f3n. Si se habilita la autenticaci\u00f3n, un usuario tendr\u00eda que estar autorizado antes de alcanzar el punto de cierre inesperado."
}
],
"id": "CVE-2017-17850",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-27T17:08:20.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040056"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201811-11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-31 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2011-004.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html | Patch | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/17/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/21/12 | Patch | |
| secalert@redhat.com | http://securitytracker.com/id?1025224 | ||
| secalert@redhat.com | http://www.debian.org/security/2011/dsa-2225 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/46898 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0686 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0790 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=688678 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/66140 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-004.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/17/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/21/12 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025224 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2225 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46898 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0686 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=688678 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66140 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.1 | |
| digium | asterisk | 1.6.1.2 | |
| digium | asterisk | 1.6.1.3 | |
| digium | asterisk | 1.6.1.4 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.6 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.8 | |
| digium | asterisk | 1.6.1.9 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.11 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.14 | |
| digium | asterisk | 1.6.1.15 | |
| digium | asterisk | 1.6.1.16 | |
| digium | asterisk | 1.6.1.17 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.21 | |
| digium | asterisk | 1.6.1.22 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6D4A9B22-7978-44F3-A30C-65FE7024AB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "06219062-9CAD-49D2-823E-E11E74B131D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "91420C0D-C63B-4916-8335-6BE24EB738FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FD1D7D08-AC94-49AC-9F16-A6E91F1F1EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "05FDA8EA-6610-4D49-9825-34EBFAAD2691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API."
},
{
"lang": "es",
"value": "tcptls.c en el servidor TCP/TLS en Asterisk Open Source v1.6.1.x anterior a v1.6.1.23, v1.6.2.x anterior a v1.6.2.17.1, y v1.8.x anterior a v1.8.3.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia a un puntero NUL) mediante el establecimiento de muchas sesiones TCP cortas a los servicios que utilizan una cierta API de TLS."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2011-1175",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-31T22:55:03.223",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/21/12"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1025224"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/46898"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0686"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0790"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688678"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/21/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66140"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-17 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-008.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/532416/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-008.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/532416/100/0/threaded |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.1 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63CB4F59-5EE5-4767-8303-090CCF64C185",
"versionEndIncluding": "12.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout."
},
{
"lang": "es",
"value": "El controlador de canales PJSIP en Asterisk Open Source anterior a 12.3.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) mediante la terminaci\u00f3n de una solicitud de suscripci\u00f3n antes de que se haya completado, lo que provoca un timeout de la transacci\u00f3n SIP."
}
],
"id": "CVE-2014-4048",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-17T14:55:08.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-14 20:29
Modified
2024-11-21 03:57
Severity ?
Summary
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2018-010.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-28127 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2018-010.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-28127 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 15.0.0 | |
| digium | asterisk | 15.0.0 | |
| digium | asterisk | 15.0.0 | |
| digium | asterisk | 15.1.0 | |
| digium | asterisk | 15.1.0 | |
| digium | asterisk | 15.1.0 | |
| digium | asterisk | 15.1.2 | |
| digium | asterisk | 15.1.3 | |
| digium | asterisk | 15.1.4 | |
| digium | asterisk | 15.1.5 | |
| digium | asterisk | 15.2.0 | |
| digium | asterisk | 15.2.0 | |
| digium | asterisk | 15.2.1 | |
| digium | asterisk | 15.2.2 | |
| digium | asterisk | 15.3.0 | |
| digium | asterisk | 15.3.0 | |
| digium | asterisk | 15.3.0 | |
| digium | asterisk | 15.4.0 | |
| digium | asterisk | 15.4.0 | |
| digium | asterisk | 15.4.0 | |
| digium | asterisk | 15.4.1 | |
| digium | asterisk | 15.5.0 | |
| digium | asterisk | 15.5.0 | |
| digium | asterisk | 15.6.0 | |
| digium | asterisk | 15.6.0 | |
| digium | asterisk | 15.6.1 | |
| digium | asterisk | 16.0.0 | |
| digium | asterisk | 16.0.0 | |
| digium | asterisk | 16.0.0 | |
| digium | asterisk | 16.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75CAA3E0-1D14-4EEB-9F66-3033114389B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "612AC9AC-706F-4013-BA3F-83459E049387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0D20EE5-E2C7-4CD3-9932-33A0C27465C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C42CFBDA-8B84-4A8F-8C1E-207C48138DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B0C2D39-0D85-4655-968F-9B6F48C4DE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "25307605-D767-4253-BEE7-928B89DA260A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17F0D6D8-AE61-4A0C-B8D6-D91DECB407D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA48CBAB-AD3D-4D2A-9932-D21DB10F0884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A069FD52-C61C-49A4-A863-0FDB21B031B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "491EE070-6913-4AB4-BDB1-CFDCAEFEEFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "72541FC4-4CC7-435F-B51D-4754E873EBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68A2AA7A-C598-4F0A-BF83-C804566C5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43A3B57E-1E68-48CF-902E-4C90FC738B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA31B1CB-F285-4893-B7A4-3D16CC15CEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188F9FF1-917F-4475-ABD0-AAE7C1DE3FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0FA8E1FE-EDBB-4514-AC13-9CBD4D960A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "35EE1555-A2E3-43AF-B2CD-E8765B1BAB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2072763A-8827-46E9-83A3-515034FE5C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F794F923-F083-4A74-BB34-111738B975F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C91BFC78-4EB7-40EA-A856-5A5EE8E2F360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8141848C-3CA7-4985-92F5-43A997D1D58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "093D158E-5714-4301-8B25-BD4C5084148E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EFEFA2C7-470D-4B8B-AC9A-33B910DB5848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91947213-906A-462B-98CA-92346C5537CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7E25333A-4264-44BF-B49F-F955E5C15981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "579C6BBD-6202-40BC-91F8-AE8F105CE19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:16.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88011728-31A5-430E-8C86-F57E1BF3A2E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:16.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FA0404B-DB1D-4A14-A6B3-54A754593846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:16.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DD960877-245A-4F2A-89AE-550E5939EE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:16.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5E7A20DD-11B6-4BDE-B516-15C2E980A1E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en las b\u00fasquedas DNS SRV y NAPTR en Digium Asterisk en versiones 15.x anteriores a la 15.6.2 y versiones 16.x anteriores a la 16.0.1 permite que atacantes remotos provoquen el cierre inesperado de Asterisk mediante una respuesta DNS SRV o NAPTR especialmente manipulada. Esto se debe a que se supone que un tama\u00f1o de b\u00fafer coincide con una longitud expandida, pero en realidad coincide con una longitud comprimida."
}
],
"id": "CVE-2018-19278",
"lastModified": "2024-11-21T03:57:39.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-14T20:29:00.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-14 20:15
Modified
2024-11-21 08:33
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| security-advisories@github.com | http://seclists.org/fulldisclosure/2023/Dec/24 | Exploit, Mailing List, Third Party Advisory | |
| security-advisories@github.com | http://www.openwall.com/lists/oss-security/2023/12/15/7 | Exploit, Mailing List | |
| security-advisories@github.com | https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race | Exploit | |
| security-advisories@github.com | https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05 | Patch | |
| security-advisories@github.com | https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq | Exploit, Vendor Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Dec/24 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/12/15/7 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | 21.0.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A49E9157-3440-47C5-B730-B1F3BE7240C9",
"versionEndExcluding": "18.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA06EB6-E31A-43B2-A750-186255114B8F",
"versionEndExcluding": "20.5.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
},
{
"lang": "es",
"value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anteriores a las versiones 18.20.1, 20.5.1 y 21.0.1; as\u00ed como certificado-asterisco anterior a 18.9-cert6; Asterisk es susceptible a un DoS debido a una condici\u00f3n de ejecuci\u00f3n en la fase \"hello handshake\" del protocolo DTLS cuando maneja DTLS-SRTP para la configuraci\u00f3n de medios. Este ataque se puede realizar de forma continua, negando as\u00ed nuevas llamadas cifradas DTLS-SRTP durante el ataque. El abuso de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio masiva en servidores Asterisk vulnerables para llamadas que dependen de DTLS-SRTP. El commit d7d7764cb07c8a1872804321302ef93bf62cba05 contiene una soluci\u00f3n, que forma parte de las versiones 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"id": "CVE-2023-49786",
"lastModified": "2024-11-21T08:33:50.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T20:15:52.927",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-009.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-009.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B53364B-5278-46E9-961A-192CA334CB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package."
},
{
"lang": "es",
"value": "El m\u00f3dulo res_pjsip_pubsub en Asterisk Open Source 12.x anterior a 12.5.1 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de cabeceras manipuladas en una solicitud SIP SUBSCRIBE para un paquete de eventos."
}
],
"id": "CVE-2014-6609",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-26T15:59:01.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-22 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2016-002.html | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html | Third Party Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html | Third Party Advisory | |
| cve@mitre.org | http://www.debian.org/security/2016/dsa-3700 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/82651 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1034930 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2016-002.html | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3700 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/82651 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034930 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 22 | |
| fedoraproject | fedora | 23 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.1 | |
| digium | asterisk | 1.8.12.2 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.1 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.1 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.1 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.1 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.1 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.1 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.28.0 | |
| digium | asterisk | 1.8.28.0 | |
| digium | asterisk | 1.8.28.1 | |
| digium | asterisk | 1.8.28.2 | |
| digium | asterisk | 1.8.32.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.17.0 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.19.0 | |
| digium | asterisk | 11.20.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.1 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.1 | |
| digium | asterisk | 12.3.2 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.1 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.1 | |
| digium | asterisk | 12.8.2 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.6.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "236D459B-ED50-4A2F-B463-D2F9DD1C7E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EEB00A-68B0-4CDE-B625-AB83B1D6D2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "72195459-404F-423E-A78C-DE2A728AFDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "25E7F7F5-E85A-4720-B5C9-2B776B04D904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "6DEF3D58-73E0-402A-A15F-05CA72B5B288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1EA7C5-CE37-4A7E-AF81-636228F3BA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10823FD4-D618-4050-91D7-CBDE69BC570D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:-:*:*:*:*:*:*",
"matchCriteriaId": "96463965-1F99-42DB-9745-5B4E49A48F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
"matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74CB86-72C3-4913-8EB6-3BBA1D3BC65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*",
"matchCriteriaId": "BA3211EE-E305-4247-AA2E-910E48CBCDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
},
{
"lang": "es",
"value": "chan_sip en Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en versiones anteriores a 11.6-cert12 y 13.1 en versiones anteriores a 13.1-cert3, cuando la configuraci\u00f3n de timert1 en sip.conf se establece en un valor mayor que 1245, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de descriptor de archivo) a trav\u00e9s de vectores relacionados con valores de caducidad de retransmisi\u00f3n grandes."
}
],
"id": "CVE-2016-2316",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-22T15:59:02.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/82651"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/82651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034930"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-04 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2012-015 | Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2013/dsa-2605 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-20175 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-015 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2605 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-20175 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.1 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.1 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.1 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.1.2 | |
| digium | asterisk | 10.1.3 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.1 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.1 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.1 | |
| digium | asterisk | 10.4.2 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.1 | |
| digium | asterisk | 10.5.2 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.1 | |
| digium | asterisk | 10.6.1 | |
| digium | asterisk | 10.7.0 | |
| digium | asterisk | 10.7.0 | |
| digium | asterisk | 10.7.0 | |
| digium | asterisk | 10.7.1 | |
| digium | asterisk | 10.8.0 | |
| digium | asterisk | 10.8.0 | |
| digium | asterisk | 10.8.0 | |
| digium | asterisk | 10.9.0 | |
| digium | asterisk | 10.9.0 | |
| digium | asterisk | 10.9.0 | |
| digium | asterisk | 10.9.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.1 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.1 | |
| digium | asterisk | 10.5.2 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.1 | |
| digium | asterisk | 10.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE324AC-5231-43DB-B077-EA1E0145FF5B",
"versionEndIncluding": "1.8.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBE5780-D503-46D1-BE04-4CB7B662B5DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CB19323D-208F-45F9-85F3-BAA5D1BC3AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "09334CAB-9ADB-49BB-BE83-BBAC6A7A9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6DEEF5-7277-4E38-9233-E3612CD77CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75A0D613-3D04-4902-9707-E743F30CF1A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54AB61A7-E143-4BEC-8658-68FF615B007E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5552D1C-C05A-4B67-A025-BBD3022C7B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F8B72-EEC9-4021-B320-8CB6E83856F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38A0F946-6A51-4E4D-8E8A-CA6DF222289F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9C7619B8-B986-4B24-BFFD-956A1A6780FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21CF339A-A38B-40CE-9811-A6CE77B29025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13856847-32A8-401D-A6DC-8DB96AE739FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8E8F4ED-AA7B-4B19-8416-6BC0608C760D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B7A900B2-0F3C-450E-8933-BDD5C9627EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52B5F73C-174A-4A0B-8D14-EC10779FC884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
"matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
"matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
"matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "BF86A1A0-D3D7-485A-A46C-7619F74CE821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
},
{
"lang": "es",
"value": "Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v11.x anteriores a v11.1.2; Certified Asterisk v1.8.11 anteriores a v1.8.11-cert10; y Asterisk Digiumphones v10.x-digiumphones anteriores a v10.11.1-digiumphones, cuando est\u00e1n permitidas las llamadas an\u00f3nimas, permiten a atacantes remotos a provocar una denegaci\u00f3n de servicio(consumo de recursos) haciendo llamadas an\u00f3nimas desde m\u00faltiples fuentes y en consecuencia, a\u00f1adir varias entradas a la cach\u00e9 de estado del dispositivo."
}
],
"id": "CVE-2012-5977",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T15:55:02.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-12 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2009-005.html | Product | |
| cve@mitre.org | http://labs.mudynamics.com/advisories/MU-200908-01.txt | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/36227 | Broken Link, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/505669/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/36015 | Broken Link, Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1022705 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/2229 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2009-005.html | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.mudynamics.com/advisories/MU-200908-01.txt | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36227 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/505669/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36015 | Broken Link, Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022705 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2229 | Broken Link, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*",
"matchCriteriaId": "C7DBF0A2-9606-43EF-88E6-905B4864D377",
"versionEndExcluding": "b.2.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*",
"matchCriteriaId": "945FA0F6-42A8-4AF4-9EF6-4B16D08B2724",
"versionEndIncluding": "c.2.4.1",
"versionStartIncluding": "c.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*",
"matchCriteriaId": "7375080A-38B8-4230-875B-FC6184F23792",
"versionEndExcluding": "c.3.1",
"versionStartIncluding": "c.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digium:s800i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7FEE3E-B19C-4E7E-92D6-D0032A5DAA59",
"versionEndExcluding": "1.3.0.3",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15C35F93-0E57-4AEB-AA5F-4EDFAE753451",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86564062-C367-4652-820A-7B4700011463",
"versionEndExcluding": "1.2.34",
"versionStartIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD3CE8A-7145-4501-A61A-D29F575E8795",
"versionEndExcluding": "1.4.26.1",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6BB86F-2FC7-4830-AC2E-4F114D87FE4C",
"versionEndExcluding": "1.6.0.12",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DBF98F-EF1D-4DC0-93FE-2EC280AAA5EF",
"versionEndExcluding": "1.6.1.4",
"versionStartIncluding": "1.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
},
{
"lang": "es",
"value": "El driver SIP channel en Asterisk Open Source v1.2.x anterior a v1.2.34, v1.4.x anterior a v1.4.26.1, v1.6.0.x anterior a v1.6.0.12, y v1.6.1.x anterior a v1.6.1.4; Asterisk Business Edition vA.x.x, vB.x.x anterior a vB.2.5.9, vC.2.x anterior a vC.2.4.1, y vC.3.x anterior a vC.3.1; y Asterisk Appliance s800i v1.2.x anterior a v1.3.0.3, no utiliza el ancho m\u00e1ximo cuando se invocan las funciones de estilo sscanf, lo que permite a atacantes remotos producir una denegaci\u00f3n de servicio (agotamiento de la pila de memoria) a trav\u00e9s de paquetes SIP que contienen secuencias largas de caracteres ASCII decimales, como se demostr\u00f3 a trav\u00e9s de vectores relacionados con (1) el valor CSeq en una cabecera SIP, (2) valores Content-Length, y (3) SDP."
}
],
"id": "CVE-2009-2726",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-12T10:30:01.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36227"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36015"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022705"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2229"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2019-008.html | Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2019/Nov/20 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory | |
| cve@mitre.org | https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2019-008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2019/Nov/20 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE39000C-238B-45D9-A2C0-9907A7FB4C36",
"versionEndIncluding": "13.29.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9D13EC-820A-4D7E-9AB1-F81DCFF324DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
"matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert4:*:*:*:*:*:*",
"matchCriteriaId": "BF36760E-856B-4D74-98BF-129323E9306B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo res_pjsip_t38.c en Sangoma Asterisk versiones hasta 13.x y Certified Asterisk versiones hasta 13.21-x. Si recibe una nueva invitaci\u00f3n para iniciar el env\u00edo de faxes T.38 y tiene un puerto de 0 y sin l\u00ednea c en el SDP, se producir\u00e1 una desreferencia del puntero NULL y un bloqueo. Esto es diferente de CVE-2019-18940."
}
],
"id": "CVE-2019-18976",
"lastModified": "2024-11-21T04:33:55.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T17:15:11.833",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-06 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-008.diff | Patch | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2011-008.html | Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html | ||
| cve@mitre.org | http://secunia.com/advisories/45048 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/45201 | ||
| cve@mitre.org | http://secunia.com/advisories/45239 | ||
| cve@mitre.org | http://securitytracker.com/id?1025706 | ||
| cve@mitre.org | http://www.debian.org/security/2011/dsa-2276 | ||
| cve@mitre.org | http://www.osvdb.org/73307 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/48431 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/68203 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-008.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45048 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45201 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45239 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025706 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/73307 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48431 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/68203 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0.1 | |
| digium | asterisk | 1.6.0.2 | |
| digium | asterisk | 1.6.0.3 | |
| digium | asterisk | 1.6.0.3 | |
| digium | asterisk | 1.6.0.4 | |
| digium | asterisk | 1.6.0.5 | |
| digium | asterisk | 1.6.0.6 | |
| digium | asterisk | 1.6.0.7 | |
| digium | asterisk | 1.6.0.8 | |
| digium | asterisk | 1.6.0.9 | |
| digium | asterisk | 1.6.0.10 | |
| digium | asterisk | 1.6.0.11 | |
| digium | asterisk | 1.6.0.11 | |
| digium | asterisk | 1.6.0.11 | |
| digium | asterisk | 1.6.0.12 | |
| digium | asterisk | 1.6.0.13 | |
| digium | asterisk | 1.6.0.14 | |
| digium | asterisk | 1.6.0.14 | |
| digium | asterisk | 1.6.0.15 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.17 | |
| digium | asterisk | 1.6.0.18 | |
| digium | asterisk | 1.6.0.18 | |
| digium | asterisk | 1.6.0.18 | |
| digium | asterisk | 1.6.0.18 | |
| digium | asterisk | 1.6.0.19 | |
| digium | asterisk | 1.6.0.20 | |
| digium | asterisk | 1.6.0.21 | |
| digium | asterisk | 1.6.0.21 | |
| digium | asterisk | 1.6.0.22 | |
| digium | asterisk | 1.6.0.23 | |
| digium | asterisk | 1.6.0.24 | |
| digium | asterisk | 1.6.0.25 | |
| digium | asterisk | 1.6.0.26 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.1 | |
| digium | asterisk | 1.6.1.2 | |
| digium | asterisk | 1.6.1.3 | |
| digium | asterisk | 1.6.1.4 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.6 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.8 | |
| digium | asterisk | 1.6.1.9 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.11 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.14 | |
| digium | asterisk | 1.6.1.15 | |
| digium | asterisk | 1.6.1.16 | |
| digium | asterisk | 1.6.1.17 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.21 | |
| digium | asterisk | 1.6.1.22 | |
| digium | asterisk | 1.6.1.23 | |
| digium | asterisk | 1.6.1.24 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.16.2 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17.1 | |
| digium | asterisk | 1.6.2.17.2 | |
| digium | asterisk | 1.6.2.17.3 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C7494CE2-D3CC-404D-BE61-09A2E1FB3E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "06E48482-D9AF-4038-80DA-27D9B4907C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9BC3C441-290F-471A-BA19-6B1C4D72A670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "632ED295-B67D-43CF-BF38-CCE04088BA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "50F3835F-6F2B-4EA7-B111-3B3C26548BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "0DCF7BD2-7903-4DC5-ADDC-EFCDC58736C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "E5BECFE0-286F-4DA1-8CA9-6CEE861C3012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*",
"matchCriteriaId": "AFFF3245-2D0F-46E3-A1D6-319086489DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "C91F2524-99D1-4C4B-9A31-21C0FB8B4D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "7B1BC0FF-9DB6-4FCC-A845-053943CF0D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "419D4D16-E790-4872-B9AF-1320978768C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "73D30BA6-1EE0-4C3F-8F69-65C698A1B9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D39FA25D-AB56-470D-94AB-14446DB7D475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F9085056-3BE9-4309-9601-9CA0569BC215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8432455-9064-479F-B060-BF2A74ECC3EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ABAC4CE9-1CFA-4279-B0CE-18F3C6FB9AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E37A0-F739-4EEE-A1BB-EBC558C62767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E2562-D0FC-404C-B725-617AEEF20AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C831EC2A-C99D-4FB1-8E5C-2FF685792F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F37C4158-6C4E-448D-929B-288480748289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBA9D27-E3DC-45CE-B56B-2C6781AA6A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14CD1CCD-DFF2-4813-B56F-EA1C78AA818E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4499411B-C92E-47F3-A6F2-8C9011B1CBCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBC113E-6304-4605-B024-D6D7A264DC9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3FCBAE-2A39-482A-ADF9-870DF63F89D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "57325096-F4D8-4146-A6FD-93219F2C72D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9684FD88-7422-4272-B9BC-D8638B1AA0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "648639A2-26C4-4EDA-A982-25D400836696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9F6FF8-8B88-4A02-B23A-0CADA8CE316E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37DE011D-1C1B-46AC-9265-F82693CE3C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*",
"matchCriteriaId": "790BF14A-0193-4A5C-802B-D82200B22342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D552F2D3-EB70-413E-8C4F-DD3283434C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "15C4C10F-BD36-491A-87E7-2F072796DA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "929EAA61-BA69-4F36-A5E9-B8F066405384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E60A7436-AFDB-4540-BD4B-01F25BDFBA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5A1CCA12-CCF2-46F5-BBDD-AAC0C1E8C5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1D4D06-9D83-495F-98BC-0B6E1C3566B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8D8A87FD-EB9C-4D65-824A-159C206F28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "55585411-9272-4ED6-962C-B27EBAE11C76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF7BDB9D-403D-4BC4-83FA-AD39EF131714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7F74046A-9B96-4EE7-AC14-F2A1FBDF65E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "512545F1-F007-43D7-AAE9-8120BC5821D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "339BEF35-835E-4B06-B9B4-C2DF26A7B3B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "185AF628-BE86-4B09-B7F3-FEF035A6FAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0643E55-D1D2-4EF3-9CCF-6CBD87F84BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6D4A9B22-7978-44F3-A30C-65FE7024AB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "06219062-9CAD-49D2-823E-E11E74B131D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "91420C0D-C63B-4916-8335-6BE24EB738FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FD1D7D08-AC94-49AC-9F16-A6E91F1F1EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "05FDA8EA-6610-4D49-9825-34EBFAAD2691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "52BE29C5-C2C3-4414-A8E1-4D4D926F6E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "87BBDF0F-7A23-48BA-98BC-0EDEDD2CDDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle \u0027\\0\u0027 characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet."
},
{
"lang": "es",
"value": "chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.6.x anterior a v1.6.2.18.1 y v1.8.x anteriores a v1.8.4.3 no manejan adecuadamente los caracteres \u0027\\0\u0027 en los paquetes SIP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener un impacto no especificado a trav\u00e9s de un paquete dise\u00f1ado."
}
],
"id": "CVE-2011-2529",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-06T19:55:03.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45048"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/45201"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/45239"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025706"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/73307"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48431"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/73307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-09 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2017-011.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/101765 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27345 | Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201811-11 | ||
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4076 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2017-011.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101765 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27345 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4076 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88EDB1A9-AC31-4A47-A222-0C4E17274A02",
"versionEndExcluding": "13.18.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861B3BC-A35A-4617-A24E-F88D27DBE3F6",
"versionEndExcluding": "14.7.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "651DC4FA-A4EF-40DC-9B54-3ED928A7531A",
"versionEndExcluding": "15.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233B5A2-E1CE-4B7E-99FA-26369B892B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "F051FE7D-0695-4552-BC1C-836076825606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2E9DFD7C-9ED1-4561-8AFF-69D98E8E398D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "CA8BFAC6-17A7-4B80-B436-0FFA4B9EA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "954376A0-A03C-47D9-BC5E-14B005DB3940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "07BB081F-504D-42E3-9CDE-4005572CA0CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9F379170-DC3B-41B8-B950-7E0E1E6002AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "338BFA7B-AA84-483F-B298-BC932728E0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "0A4D417F-485E-4CAD-8542-A22BBA2869E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "61F70CD2-1727-4955-A81B-8927AEF468ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "A9437455-90FB-4F90-B246-A37E558C9CE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Asterisk Open Source en versiones 13 anteriores a la 13.18.1, versiones 14 anteriores a la 14.7.1 y versiones 15 antes de la 15.1.1 y en Certified Asterisk 13.13 en versiones anteriores a la 13.13-cert7. Ocurre una fuga de memoria cuando un objeto de sesi\u00f3n pjsip de Asterisk se crea y la llamada se rechaza antes de que la sesi\u00f3n se establezca por completo. Cuando esto ocurre, el objeto de sesi\u00f3n nunca se destruye. Asterisk podr\u00eda quedarse sin memoria y cerrarse de manera inesperada."
}
],
"id": "CVE-2017-16672",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-09T00:29:00.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101765"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-09 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2012-011.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/50687 | ||
| cve@mitre.org | http://secunia.com/advisories/50756 | ||
| cve@mitre.org | http://www.debian.org/security/2012/dsa-2550 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/54317 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-20052 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-011.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50687 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50756 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2550 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54317 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-20052 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asteriske | 1.8.8.0 | |
| digium | asteriske | 1.8.9.1 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.1 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.1.2 | |
| digium | asterisk | 10.1.3 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.1 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.1 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.1 | |
| digium | asterisk | 10.4.2 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.1 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asteriske:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5B9023E8-DB6F-4DE2-BB1E-D941BE279477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asteriske:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6135C4-7930-4DD5-80CD-4DC7F53956D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox."
},
{
"lang": "es",
"value": "vulnerabilidad de doble liberaci\u00f3n en apps/app_voicemail.c en Asterisk Open Source v1.8.x anteriores v1.8.13.1 y v10.x anteriores a v10.5.2, Certified Asterisk v1.8.11-certx anteriores a v1.8.11-cert4, y Asterisk Digiumphones v10.x.x-digiumphones anteriores a v10.5.2-digiumphones permite a usuarios autenticados remotos a provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) debido al establecimiento de m\u00faltiples sesiones correo de voz y accediendo a buz\u00f3n urgente (Urgent) a trav\u00e9s del buz\u00f3n de entrada INBOX."
}
],
"id": "CVE-2012-3812",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-09T22:55:01.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/54317"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-24 22:29
Modified
2024-11-21 03:54
Severity ?
Summary
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2018-009.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Sep/31 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/105389 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1041694 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-28013 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/bugtraq/2018/Sep/53 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201811-11 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2018-009.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Sep/31 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105389 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041694 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-28013 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2018/Sep/53 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-11 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "8D9D833C-E847-48D0-9BC1-83B52294AF50",
"versionEndIncluding": "13.23.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6072FE25-86B3-4C45-841D-60BCB1817535",
"versionEndIncluding": "14.7.7",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:standard:*:*:*",
"matchCriteriaId": "3BF8E2D1-2583-4EC7-A274-605AB41CD3EC",
"versionEndIncluding": "15.6.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
"matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
"matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
"matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
"matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:lts:*:*:*",
"matchCriteriaId": "169467F0-A818-4E58-884A-8409E376DCE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert17:*:*:lts:*:*:*",
"matchCriteriaId": "DC59BE10-CFBF-43DC-99C8-81A20C020395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert18:*:*:lts:*:*:*",
"matchCriteriaId": "911BAB3E-20E4-4B34-80AC-94324BFA36BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "F0AEB812-85F2-4030-A8F8-D96F72C22BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "2E91D289-8971-4259-A969-1597EDB51E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "948496CC-B5D4-41E5-9560-F59183C99209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "1D2AD7E2-D830-48D3-9D7B-4B3D36884E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "79F2CF46-8580-4AFC-AA40-42611C17AB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "B6BC624E-D8A6-4E1F-B8B8-E4EB743AC1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "0734E999-DC1E-4107-83D6-31A08F134168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "2FE884C8-5ED3-4B4F-883A-DB7B503435D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "D64CD3D3-7EE0-4B0B-A66E-976CC7507CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "CFA9BFA1-6C15-4702-B2AC-1E2D3E6B4312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "4678389A-2EE0-49FC-AEA6-45CAEEF61F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "4100EF36-CDBB-493B-9D03-E1B70C5F055A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "859F4687-C937-476C-9DA6-2A0B18BEF3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "10E6C1A9-2917-471F-92EB-249E25F234C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "76C3CE8D-C4FC-4A1B-AC6A-5C27BE836DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "B95DE43E-F864-4A8E-8D49-3E2D7CFE6BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "CE887232-A798-4179-B870-01B26685D8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "7D19CBBB-8ED0-45B9-8977-6CCCA82DFF1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "79E404AC-A27E-49AE-891D-CA9C7164D8D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "BA930626-B4BA-4A2D-AF55-B4F0E94B1BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "85583966-C42B-4A27-B19D-B3E1C956A5A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de consumo de pila en el m\u00f3dulo res_http_websocket.so de Asterisk hasta la versi\u00f3n 13.23.0; versiones 14.7.x anteriores a la 14.7.7 y las versiones 15.x anteriores a la 15.6.0, as\u00ed como Certified Asterisk hasta la versi\u00f3n 13.21-cert2. Permite que un atacante provoque el cierre inesperado de Asterisk mediante una petici\u00f3n HTTP para actualizar la conexi\u00f3n a un websocket."
}
],
"id": "CVE-2018-17281",
"lastModified": "2024-11-21T03:54:10.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-24T22:29:01.580",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105389"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041694"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
"versionEndExcluding": "12.7.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
"versionEndExcluding": "13.0.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules."
},
{
"lang": "es",
"value": "El m\u00f3dulo res_pjsip_acl en Asterisk Open Source 12.x en versiones anteriores a 12.7.1 y 13.x en versiones anteriores a 13.0.1 no crea y carga adecuadamente ACLs definidos en pjsip.conf en el arranque, lo que permite a atacantes remotos eludir las reglas previstas para PJSIP ACL."
}
],
"id": "CVE-2014-8413",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:05.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-15 03:57
Modified
2025-04-11 00:51
Severity ?
Summary
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html | ||
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2011-013.html | ||
| secalert@redhat.com | http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/12/09/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/12/09/4 | ||
| secalert@redhat.com | http://osvdb.org/77597 | ||
| secalert@redhat.com | http://secunia.com/advisories/47273 | ||
| secalert@redhat.com | http://www.debian.org/security/2011/dsa-2367 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-013.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/12/09/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/12/09/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/77597 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47273 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2367 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.16.2 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17.1 | |
| digium | asterisk | 1.6.2.17.2 | |
| digium | asterisk | 1.6.2.17.3 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.19 | |
| digium | asterisk | 1.6.2.19 | |
| digium | asterisk | 1.6.2.20 | |
| digium | asterisk | 1.6.2.21 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.4 | |
| digium | asterisk | 1.4.5 | |
| digium | asterisk | 1.4.6 | |
| digium | asterisk | 1.4.7 | |
| digium | asterisk | 1.4.7.1 | |
| digium | asterisk | 1.4.8 | |
| digium | asterisk | 1.4.9 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.10.1 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.12.1 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.16.1 | |
| digium | asterisk | 1.4.16.2 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19.1 | |
| digium | asterisk | 1.4.19.2 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20.1 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21.1 | |
| digium | asterisk | 1.4.21.2 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22.1 | |
| digium | asterisk | 1.4.22.2 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.4.23.2 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24.1 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25.1 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26.1 | |
| digium | asterisk | 1.4.26.2 | |
| digium | asterisk | 1.4.26.3 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27.1 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29.1 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33.1 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39.1 | |
| digium | asterisk | 1.4.39.2 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40.1 | |
| digium | asterisk | 1.4.40.2 | |
| digium | asterisk | 1.4.41 | |
| digium | asterisk | 1.4.41 | |
| digium | asterisk | 1.4.41.1 | |
| digium | asterisk | 1.4.41.2 | |
| digium | asterisk | 1.4.42 | |
| digium | asterisk | 1.4.42 | |
| digium | asterisk | 1.4.42 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0B515F-6C5B-4A32-BE6E-3B154B4340CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "679A2262-1C6B-4549-84A9-878D7FA502F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "86B7F9F0-A597-42BC-AD54-FAD928B7A332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "76A47DCB-689A-4BD5-B3A5-7DA20052A3B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
"matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
"matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
"matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
"matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
"matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
"matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
"matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
"matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
"matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F745AF0A-D6A6-4429-BBBE-347BF41999BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC44F61B-AB96-4643-899B-19B9E3B4F05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*",
"matchCriteriaId": "F788A255-CF21-424F-9F30-8A744CC16740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92B8AA8E-D49B-4AD7-8AFC-BD4F9E9C7A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0606F179-8817-4124-B92B-CD868B216320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.41.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E93609A6-7FFD-4179-86E9-0D1292B035B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.42:*:*:*:*:*:*:*",
"matchCriteriaId": "6E73DCA2-DEB0-4966-9822-26543E16A3D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.42:rc1:*:*:*:*:*:*",
"matchCriteriaId": "310FFFE1-1400-498F-B576-FA76DCC382BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.42:rc2:*:*:*:*:*:*",
"matchCriteriaId": "225DA4A0-CCAB-448E-8ED8-399D68C45CF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de SIP sobre UDP de Asterisk Open Source 1.4.x anteriores a 1.4.43, 1.6.x anteriores a 1.6.2.21, y 1.8.x anteriores a 1.8.7.2 utiliza diferentes n\u00fameros de puertos para respuestas a peticiones inv\u00e1lidas dependiendo de si el nombre de usuario SIP existe, lo que permite a atacantes remotos enumerar nombres de usuario a trav\u00e9s de series de peticiones."
}
],
"id": "CVE-2011-4597",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-15T03:57:34.310",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html"
},
{
"source": "secalert@redhat.com",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-013.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/12/09/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/12/09/4"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/77597"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/47273"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/12/09/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/12/09/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/77597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2367"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-23 17:07
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 | Patch | |
| cve@mitre.org | http://secunia.com/advisories/22651 | ||
| cve@mitre.org | http://secunia.com/advisories/22979 | ||
| cve@mitre.org | http://www.asterisk.org/node/109 | Patch | |
| cve@mitre.org | http://www.asterisk.org/node/110 | Patch | |
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_69_asterisk.html | ||
| cve@mitre.org | http://www.osvdb.org/29973 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/449183/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/20835 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/4098 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/29664 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22651 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22979 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/node/109 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.asterisk.org/node/110 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_69_asterisk.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/29973 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449183/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/20835 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4098 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/29664 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.2.0_beta1 | |
| digium | asterisk | 1.2.0_beta2 | |
| digium | asterisk | 1.2.6 | |
| digium | asterisk | 1.2.7 | |
| digium | asterisk | 1.2.8 | |
| digium | asterisk | 1.2.9 | |
| digium | asterisk | 1.2.10 | |
| digium | asterisk | 1.2.11 | |
| digium | asterisk | 1.2.12 | |
| digium | asterisk | 1.2.12.1 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0_beta1 | |
| digium | asterisk | 1.4.0_beta2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "C656168D-7D6A-4E84-9196-A8B170E1F7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B909947-44E3-463E-9FAD-76C8E21A54E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB2F8AA-B70B-4280-BDBD-023037C16D70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of \"a real pvt structure\" that uses more resources than necessary."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el controlador de canal SIP (channels/chan_sip.c) en ASterisk 1.2.x anteriores a 1.2.13 y 1.4.x aneriores a 1.4.0-beta3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) a trav\u00e9s de vectores no especificados que resultan en la creaci\u00f3n de una \"estructura pvt real\" que usa m\u00e1s recursos de los necesarios."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nDigium, Asterisk, 1.4.0-beta2\r\nDigium, Asterisk, 1.2.13",
"id": "CVE-2006-5445",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-23T17:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22651"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22979"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.asterisk.org/node/109"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.asterisk.org/node/110"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29973"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20835"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4098"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.asterisk.org/node/109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.asterisk.org/node/110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-06 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2011-007.html | Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html | ||
| cve@mitre.org | http://osvdb.org/72752 | ||
| cve@mitre.org | http://secunia.com/advisories/44828 | ||
| cve@mitre.org | http://securitytracker.com/id?1025598 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/518236/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/48096 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/67812 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2011-007.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/72752 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44828 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025598 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/518236/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48096 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/67812 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header."
},
{
"lang": "es",
"value": "reqresp_parser.c del driver del canal SIP en Asterisk Open Source v1.8.x antes de v1.8.4.2 no inicializa ciertas cadenas,lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio ( desreferenciar un puntero NULL y ca\u00edda de demonio ) a trav\u00e9s de un cabecera de contacto con formato incorrecto."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2011-2216",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-06T19:55:03.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/72752"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/44828"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025598"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48096"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/72752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-15 05:15
Modified
2024-11-21 06:54
Severity ?
Summary
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2022-002.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2022-002.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8AB56FA-AEC6-4A6F-B420-DDBF3390379B",
"versionEndIncluding": "16.25.1",
"versionStartIncluding": "16.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
"versionEndExcluding": "18.11.2",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C25BFFCA-90FE-475D-88A7-3BC281B830AF",
"versionEndIncluding": "19.3.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
},
{
"lang": "es",
"value": "Se ha detectado un problema de tipo SSRF en Asterisk versiones hasta 19.x. Cuando es usado STIR/SHAKEN, es posible enviar peticiones arbitrarias (como GET) a interfaces como localhost usando el encabezado Identity. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2"
}
],
"id": "CVE-2022-26499",
"lastModified": "2024-11-21T06:54:03.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T05:15:06.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-02 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2017-013.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/102023 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1039948 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27452 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html | ||
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4076 | ||
| cve@mitre.org | https://www.exploit-db.com/exploits/43992/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2017-013.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102023 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039948 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27452 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4076 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43992/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | * | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E7AD0-0B51-47BC-8746-CAC7C63F8AE8",
"versionEndIncluding": "13.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
"matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
"matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA00E078-97B8-4C2D-BD07-DB2A25908303",
"versionEndIncluding": "13.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE71990-160B-413F-AB66-C29C7C1CC82F",
"versionEndIncluding": "14.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D39329BD-4A6B-48DB-AFDB-DC58154CBDD8",
"versionEndIncluding": "15.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en chan_skinny.c en Asterisk Open Source en versiones 13.18.2 y anteriores, 14.7.2 y anteriores y 15.1.2 y anteriores y en Certified Asterisk 13.13-cert7 y anteriores. Si el controlador de canal chan_skinny (tambi\u00e9n conocido como protocolo SCCP) se inunda a base de determinadas peticiones, puede provocar que el proceso de asterisk utilice cantidades excesivas de memoria virtual, finalmente provocando que asterisk deje de procesar cualquier tipo de peticiones."
}
],
"id": "CVE-2017-17090",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-02T00:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102023"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1039948"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/43992/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/43992/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-18 20:15
Modified
2024-11-21 05:57
Severity ?
Summary
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html | Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/Feb/61 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2021-005.html | Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29196 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Feb/61 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2021-005.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29196 | Issue Tracking, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37BA1B0D-474E-4F73-A329-F703C928C07D",
"versionEndExcluding": "13.38.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
"versionEndExcluding": "16.16.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
"versionEndExcluding": "17.9.2",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CB148-DF9C-4134-A417-3B111C036E20",
"versionEndExcluding": "18.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo res_pjsip_session.c en Digium Asterisk versiones hasta 13.38.1;\u0026#xa0;14.x, 15.x y 16.xa 16.16.0;\u0026#xa0;17.xa 17.9.1;\u0026#xa0;y 18.xa 18.2.0, y Certified Asterisk versiones hasta 16.8-cert5.\u0026#xa0;Una vulnerabilidad de negociaci\u00f3n SDP en PJSIP permite a un servidor remoto bloquear potencialmente Asterisk mediante el env\u00edo de respuestas SIP espec\u00edficas que causan un fallo en la negociaci\u00f3n SDP"
}
],
"id": "CVE-2021-26906",
"lastModified": "2024-11-21T05:57:00.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-18T20:15:12.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-14 20:15
Modified
2024-11-21 08:33
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757 | Product | |
| security-advisories@github.com | https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5 | Patch | |
| security-advisories@github.com | https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f | Vendor Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757 | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | 21.0.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 13.13.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 16.8.0 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 | |
| sangoma | certified_asterisk | 18.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A49E9157-3440-47C5-B730-B1F3BE7240C9",
"versionEndExcluding": "18.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA06EB6-E31A-43B2-A750-186255114B8F",
"versionEndExcluding": "20.5.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
},
{
"lang": "es",
"value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anterior a las versiones 18.20.1, 20.5.1 y 21.0.1, as\u00ed como en Certified-Asterisco anterior a 18.9-cert6, es posible leer cualquier archivo arbitrario incluso cuando `live_dangerfully` no est\u00e1 habilitado. Esto permite leer archivos arbitrarios. Las versiones de Asterisk 18.20.1, 20.5.1 y 21.0.1, as\u00ed como el asterisco certificado anterior a 18.9-cert6, contienen una soluci\u00f3n para este problema."
}
],
"id": "CVE-2023-49294",
"lastModified": "2024-11-21T08:33:12.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T20:15:52.730",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-09 21:15
Modified
2024-11-21 04:28
Severity ?
Summary
res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2019-004.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/Mar/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2019-004.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Mar/5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8D1D77-EF86-47B3-85FF-1FD4CFC301D8",
"versionEndIncluding": "15.7.3",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "465E0365-BCFD-4444-A046-D0BD45E40309",
"versionEndIncluding": "16.5.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference."
},
{
"lang": "es",
"value": "res_pjsip_t38 en Sangoma Asterisk 15.x antes de 15.7.4 y 16.x antes de 16.5.1 permite a un atacante desencadenar un fallo enviando un flujo rechazado en una respuesta a una reinvitaci\u00f3n T.38 iniciada por Asterisk. El fallo se produce debido a una derivaci\u00f3n de objeto de medios de sesi\u00f3n NULL."
}
],
"id": "CVE-2019-15297",
"lastModified": "2024-11-21T04:28:24.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-09T21:15:10.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2021/Mar/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2021/Mar/5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-09 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2015-001.html | Vendor Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2015/Jan/116 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/534573/100/0/threaded | ||
| cve@mitre.org | http://www.securitytracker.com/id/1031661 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2015-001.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2015/Jan/116 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/534573/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031661 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.1 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.1 | |
| digium | asterisk | 12.3.2 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.1 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs."
},
{
"lang": "es",
"value": "Asterisk Open Source 12.x anterior a 12.8.1 y 13.x anterior a 13.1.1, cuando utiliza el controlador de canales PJSIP, no recupera correctamente los puertos RTP, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo del descriptor de ficheros) a trav\u00e9s de una oferta SDP que contiene solamente codecs incompatibles."
}
],
"id": "CVE-2015-1558",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-09T11:59:00.067",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Jan/116"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1031661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Jan/116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031661"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-12 20:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2019-003.html | Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-28465 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2019-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-28465 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.1.0 | |
| digium | certified_asterisk | 1.8.1.0 | |
| digium | certified_asterisk | 1.8.2.0 | |
| digium | certified_asterisk | 1.8.2.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.5.0 | |
| digium | certified_asterisk | 1.8.5.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.14.0 | |
| digium | certified_asterisk | 1.8.14.0 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28.0 | |
| digium | certified_asterisk | 11.0.0 | |
| digium | certified_asterisk | 11.0.0 | |
| digium | certified_asterisk | 11.0.0 | |
| digium | certified_asterisk | 11.1.0 | |
| digium | certified_asterisk | 11.1.0 | |
| digium | certified_asterisk | 11.1.0 | |
| digium | certified_asterisk | 11.1.0 | |
| digium | certified_asterisk | 11.2 | |
| digium | certified_asterisk | 11.2 | |
| digium | certified_asterisk | 11.2 | |
| digium | certified_asterisk | 11.2 | |
| digium | certified_asterisk | 11.3.0 | |
| digium | certified_asterisk | 11.3.0 | |
| digium | certified_asterisk | 11.3.0 | |
| digium | certified_asterisk | 11.4.0 | |
| digium | certified_asterisk | 11.4.0 | |
| digium | certified_asterisk | 11.4.0 | |
| digium | certified_asterisk | 11.4.0 | |
| digium | certified_asterisk | 11.5.0 | |
| digium | certified_asterisk | 11.5.0 | |
| digium | certified_asterisk | 11.5.0 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8 | |
| digium | certified_asterisk | 13.8.0 | |
| digium | certified_asterisk | 13.8.0 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13-cert2 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert10:*:*:*:*:*:*",
"matchCriteriaId": "27E0B1E7-1DA3-47C4-AA2A-54D4C2C48A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "05D19102-FF8D-439F-87E7-B1FE97C55F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "8EC4CE45-1378-402C-8552-745B6414B9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5-rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F97E946-8876-417D-9C49-D990A14CFBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5-rc2:*:*:*:*:*:*",
"matchCriteriaId": "887F4341-84C2-40F6-BB7C-68DAFC3D188E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
"matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
"matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
"matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9-rc1:*:*:*:*:*:*",
"matchCriteriaId": "C5CBAA8C-29D9-468C-9FA3-CBC005793955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*",
"matchCriteriaId": "F76EA1D5-F5F3-49CE-9A73-20FA03C31F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert6:*:*:*:*:*:*",
"matchCriteriaId": "593ED9E3-D56C-4336-976B-27D30EED658A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert7:*:*:*:*:*:*",
"matchCriteriaId": "9FBB5951-3D34-4808-BBC3-5402147FE6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9365B811-5620-42F0-9400-5EA49361D2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "536ECC06-D2DC-474F-AB44-7A8B16ADFC9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6001EFB8-A539-4F3C-B9F3-7A513FA458BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1035C6D2-E8FD-4FFA-9AC7-17534609D68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:*:*:*:*",
"matchCriteriaId": "DBD12EE0-78F6-450F-9AD9-D64A55377D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert5:*:*:*:*:*:*",
"matchCriteriaId": "BFA21D5A-0BC6-45E0-AD84-F91F185275B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C675C7BA-65E9-4A0A-9A6D-1EBCBEA1D718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F596E34-529A-41AD-AD51-C1D7EEE0FFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC1BE0BB-A469-4DB6-88CF-80A065329C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4EA68726-87EF-490F-BBB8-A321E6C7A16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8B3572-D6F6-45BD-9BE4-D532F9BF134E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7738E036-DACC-42EE-B417-CB083319B0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A6847720-D556-49D7-BD7F-E0559C6F5780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA81D724-584B-4863-B270-869C415DB5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert1:*:*:*:*:*:*",
"matchCriteriaId": "02317CB5-C06E-414B-96A3-255607A5DF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9F2FC5E1-6E2E-4C7A-A888-60FCA303CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert2:*:*:*:*:*:*",
"matchCriteriaId": "08DEE3EC-63F3-45EB-947E-E8503DBD3669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert3:*:*:*:*:*:*",
"matchCriteriaId": "D68D79BE-8302-42D1-87C2-0F2CFF8B1796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF76131B-DF2C-4C6A-8E6B-1319D231402D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AB8C209-694F-41BF-9CF2-D68D4E58A43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6438A881-C806-4CC1-9828-C34BBB0FF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2704EED6-C72D-427D-AD37-EBC4042CDD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AF835684-26C6-4734-B586-D5DB4DF33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4EB76BC0-2B72-495E-80FC-C6B194648A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9F1BC546-92E0-4285-8C18-37705F44B94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D50F0DF-54D3-4883-ADA2-DDB79F786182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0838BEC6-680A-4695-BD1B-309290F16A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "82F78D49-ED8C-43FF-AE6D-713E90F1A1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "B178B8F1-4AF8-478A-B842-DD5047D65C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9D5545B-44D5-4872-8702-8D49579DE531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
"matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
"matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
"matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
"matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
"matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
"matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
"matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14-rc1:*:*:*:*:*:*",
"matchCriteriaId": "5EE8689E-AF57-400D-B321-D3F66D1169FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14-rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C55AA35-5E1C-4411-BC01-0FF9D1928EC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
"matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
"matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
"matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert17:*:*:*:*:*:*",
"matchCriteriaId": "9A416C55-D670-4CCC-BEFE-12CB3438C81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert18:*:*:*:*:*:*",
"matchCriteriaId": "A79C0247-82DD-4EE7-80F6-9D3DCBB30FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
"matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
"matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "8A9D3C5C-627E-43A3-89C2-95F7B8803361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5060CAED-EEAB-4AD1-B964-F6538499BF73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*",
"matchCriteriaId": "BA3211EE-E305-4247-AA2E-910E48CBCDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert3:*:*:*:*:*:*",
"matchCriteriaId": "61816D1A-D952-4E4F-B5DD-3B7A94BD8596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B4693A3-86BC-4368-AFDA-B0E323776957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert4:*:*:*:*:*:*",
"matchCriteriaId": "4D1D0689-E276-47DD-B51A-C221F12C60A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert5:*:*:*:*:*:*",
"matchCriteriaId": "8433CB3B-56BA-4674-AC2B-813A7F3EDEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert6:*:*:*:*:*:*",
"matchCriteriaId": "9E1066C8-8A7E-487B-8D9B-DD4A55A5C5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert7:*:*:*:*:*:*",
"matchCriteriaId": "3C1A0AE4-EA01-445E-89AE-1A9734478994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4497BD45-DFC5-4729-98CD-20C94BC20C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*",
"matchCriteriaId": "38E19C8E-9FD6-4A44-81C6-EEC91BC2CB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "3C7605A6-380F-44E8-81A1-5BDAEBFFB0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "43DB632E-C528-40E3-8EB0-AA6A7476657C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2016E8F9-542D-46CE-905D-3CBAF97A24A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "CC283754-B316-4BCE-8EEB-63CAFE68D601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D111448-7C39-4A6D-B492-B3D3DCEA8424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6267CC33-3961-4D9A-899B-4F34BAD64067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CCF7282-A16F-499E-B607-929F346A85A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A52E12AB-99CA-4A34-A0CA-E8B511636A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "ACFD2F39-957E-42CE-8016-21314F432335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "22E13F7F-1D64-4248-84F2-C6E89A2FC977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB08CB2-8FB4-4738-9B67-C27273A78025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E36EFEF-670E-4659-A887-D497D4AA8223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED18370-B09E-44D8-8E84-1B0DCDF81864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "2F2F88BE-10E5-4C21-B67B-1AC264921663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "0742A842-254A-4008-9D77-D0A810110841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "06396597-A5D1-4C30-B07F-E989E322733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
"matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
"matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4298EEE5-3F0E-4227-ACF8-CEE18868055F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert9:*:*:*:*:*:*",
"matchCriteriaId": "AC42C2B5-4F5F-4D5E-9240-9F104BBB5D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13-cert2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC2D03A-A47C-4211-8FAA-D357E9B98EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*",
"matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "538C22F0-4DC4-463E-950C-3594E2935B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "3C3D4786-5B7C-4F8B-9EBE-1C13599EC906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "03C662D2-48CF-41DD-BE6B-C2A961C32D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*",
"matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:*",
"matchCriteriaId": "4B0FC294-F910-491B-9DEF-9FFEACA208C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert4:*:*:*:*:*:*",
"matchCriteriaId": "B69E9C34-4F57-4948-9D53-0856E00F7949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC85AF18-A304-4BD8-AFAA-F99AC37A799B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "03094F8E-FF0C-4831-A50F-B601949FD3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
"matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2404213-CAA0-4E84-9D73-7DC8D7DCB558",
"versionEndExcluding": "13.27.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B32887-22B1-4B06-A18D-0C8B690CA699",
"versionEndExcluding": "15.7.3",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B58771D-C37A-487D-8B82-C63F7F45E217",
"versionEndExcluding": "16.4.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Asterisk Open Source hasta versiones 13.27.0, 14.x y 15.x hasta 15.7.2, y versiones 16.x hasta 16.4.0, y Certified Asterisk hasta versi\u00f3n 13.21-cert3. Una desreferencia de puntero en chan_sip durante el manejo de la negociaci\u00f3n SDP permite a un atacante bloquear Asterisk cuando maneja una respuesta SDP en una re-invitaci\u00f3n T.38 saliente. Para explotar esta vulnerabilidad un atacante debe hacer que el m\u00f3dulo chan_sip les env\u00ede una petici\u00f3n de re-invitaci\u00f3n T.38. Una vez recibida, el atacante debe enviar una respuesta SDP que contenga tanto un flujo UDPTL T.38 como otro flujo multimedia que contenga solo un c\u00f3dec (lo que no est\u00e1 permitido de acuerdo a la configuraci\u00f3n de chan_sip)."
}
],
"id": "CVE-2019-13161",
"lastModified": "2024-11-21T04:24:19.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-12T20:15:11.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-12 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://advisories.mageia.org/MGASA-2015-0010.html | ||
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-019.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2014/Dec/48 | ||
| cve@mitre.org | http://secunia.com/advisories/60251 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2015:018 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/534197/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/71607 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1031345 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2015-0010.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-019.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Dec/48 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60251 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:018 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/534197/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71607 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031345 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.1 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6047FB-D1BD-4E21-B6BC-E51374C4B0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B53364B-5278-46E9-961A-192CA334CB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D41387EE-E8B6-4B4F-BC52-7FED09322A20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame."
},
{
"lang": "es",
"value": "Vulnerabilidad de doble liberaci\u00f3n en WebSocket Server (el m\u00f3dulo res_http_websocket) en Asterisk Open Source 11.x anterior a 11.14.2, 12.x anterior a 12.7.2, y 13.x anterior a 13.0.2 y Certified Asterisk 11.6 anterior a 11.6-cert9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante el envio de un Frame de longitud cero despu\u00e9s de un Frame de longitud no cero."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e",
"id": "CVE-2014-9374",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-12T15:59:14.883",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/60251"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71607"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1031345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031345"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-10 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2009-008.html | Vendor Advisory | |
| secalert@redhat.com | http://osvdb.org/59697 | ||
| secalert@redhat.com | http://secunia.com/advisories/37265 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37479 | ||
| secalert@redhat.com | http://secunia.com/advisories/37677 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1952 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/36924 | Patch | |
| secalert@redhat.com | http://www.securitytracker.com/id?1023133 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=523277 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=533137 | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2009-008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/59697 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37265 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37479 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37677 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1952 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36924 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=523277 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=533137 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.0 | |
| digium | asterisk | 1.2.1 | |
| digium | asterisk | 1.2.2 | |
| digium | asterisk | 1.2.2 | |
| digium | asterisk | 1.2.3 | |
| digium | asterisk | 1.2.3 | |
| digium | asterisk | 1.2.10 | |
| digium | asterisk | 1.2.10 | |
| digium | asterisk | 1.2.11 | |
| digium | asterisk | 1.2.11 | |
| digium | asterisk | 1.2.12 | |
| digium | asterisk | 1.2.12 | |
| digium | asterisk | 1.2.12.1 | |
| digium | asterisk | 1.2.12.1 | |
| digium | asterisk | 1.2.13 | |
| digium | asterisk | 1.2.13 | |
| digium | asterisk | 1.2.14 | |
| digium | asterisk | 1.2.15 | |
| digium | asterisk | 1.2.15 | |
| digium | asterisk | 1.2.16 | |
| digium | asterisk | 1.2.16 | |
| digium | asterisk | 1.2.17 | |
| digium | asterisk | 1.2.17 | |
| digium | asterisk | 1.2.18 | |
| digium | asterisk | 1.2.18 | |
| digium | asterisk | 1.2.19 | |
| digium | asterisk | 1.2.19 | |
| digium | asterisk | 1.2.20 | |
| digium | asterisk | 1.2.20 | |
| digium | asterisk | 1.2.21 | |
| digium | asterisk | 1.2.21 | |
| digium | asterisk | 1.2.21.1 | |
| digium | asterisk | 1.2.21.1 | |
| digium | asterisk | 1.2.22 | |
| digium | asterisk | 1.2.22 | |
| digium | asterisk | 1.2.23 | |
| digium | asterisk | 1.2.23 | |
| digium | asterisk | 1.2.24 | |
| digium | asterisk | 1.2.24 | |
| digium | asterisk | 1.2.25 | |
| digium | asterisk | 1.2.25 | |
| digium | asterisk | 1.2.26 | |
| digium | asterisk | 1.2.26 | |
| digium | asterisk | 1.2.26.1 | |
| digium | asterisk | 1.2.26.1 | |
| digium | asterisk | 1.2.26.2 | |
| digium | asterisk | 1.2.26.2 | |
| digium | asterisk | 1.2.27 | |
| digium | asterisk | 1.2.28 | |
| digium | asterisk | 1.2.28.1 | |
| digium | asterisk | 1.2.29 | |
| digium | asterisk | 1.2.30 | |
| digium | asterisk | 1.2.30.1 | |
| digium | asterisk | 1.2.30.2 | |
| digium | asterisk | 1.2.30.3 | |
| digium | asterisk | 1.2.30.4 | |
| digium | asterisk | 1.2.31 | |
| digium | asterisk | 1.2.31.1 | |
| digium | asterisk | 1.2.32 | |
| digium | asterisk | 1.2.33 | |
| digium | asterisk | 1.2.34 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.4 | |
| digium | asterisk | 1.4.5 | |
| digium | asterisk | 1.4.6 | |
| digium | asterisk | 1.4.7 | |
| digium | asterisk | 1.4.7.1 | |
| digium | asterisk | 1.4.8 | |
| digium | asterisk | 1.4.9 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.10.1 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.12.1 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.16.1 | |
| digium | asterisk | 1.4.16.2 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19.1 | |
| digium | asterisk | 1.4.19.2 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20.1 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21.1 | |
| digium | asterisk | 1.4.21.2 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22.1 | |
| digium | asterisk | 1.4.22.2 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.4.23.2 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24.1 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25.1 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26.1 | |
| digium | asterisk | 1.4.26.2 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0.1 | |
| digium | asterisk | 1.6.0.2 | |
| digium | asterisk | 1.6.0.3 | |
| digium | asterisk | 1.6.0.3 | |
| digium | asterisk | 1.6.0.4 | |
| digium | asterisk | 1.6.0.5 | |
| digium | asterisk | 1.6.0.6 | |
| digium | asterisk | 1.6.0.7 | |
| digium | asterisk | 1.6.0.8 | |
| digium | asterisk | 1.6.0.9 | |
| digium | asterisk | 1.6.0.10 | |
| digium | asterisk | 1.6.0.11 | |
| digium | asterisk | 1.6.0.11 | |
| digium | asterisk | 1.6.0.11 | |
| digium | asterisk | 1.6.0.14 | |
| digium | asterisk | 1.6.0.14 | |
| digium | asterisk | 1.6.0.15 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.1 | |
| digium | asterisk | 1.6.1.2 | |
| digium | asterisk | 1.6.1.3 | |
| digium | asterisk | 1.6.1.4 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.6 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.8 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisknow | 1.5 | |
| digium | s800i | 1.3.0 | |
| digium | s800i | 1.3.0.2 | |
| digium | s800i | 1.3.0.3 | |
| digium | s800i | 1.3.0.4 | |
| digium | asterisk | a | |
| digium | asterisk | b | |
| digium | asterisk | b.1.3.2 | |
| digium | asterisk | b.1.3.3 | |
| digium | asterisk | b.2.2.0 | |
| digium | asterisk | b.2.2.1 | |
| digium | asterisk | b.2.3.1 | |
| digium | asterisk | b.2.3.2 | |
| digium | asterisk | b.2.3.3 | |
| digium | asterisk | b.2.3.4 | |
| digium | asterisk | b.2.3.5 | |
| digium | asterisk | b.2.3.6 | |
| digium | asterisk | b.2.5.0 | |
| digium | asterisk | b.2.5.1 | |
| digium | asterisk | b.2.5.2 | |
| digium | asterisk | b.2.5.3 | |
| digium | asterisk | c | |
| digium | asterisk | c.2.3 | |
| digium | asterisk | c.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39358795-09A6-44C6-B969-1560CEF40057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8C2DAB51-91ED-43D4-AEA9-7C4661089BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A596A018-2FBC-4CEB-9910-756CC6598679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14BDCF8E-0B68-430A-A463-EE40C1A9AD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CA2CD93E-71A5-49EC-B986-5868C05553EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B66B213-4397-4435-8E48-8ED69AAE13D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55131A3D-C892-44EC-83D6-5888C57B11A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*",
"matchCriteriaId": "E017DD53-B8EC-4EA2-BF59-18C075C5771D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B940EEC6-4451-42B9-A56D-BDB8801B3685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*",
"matchCriteriaId": "CE4AB19F-1338-466D-AAD8-584C79FED1AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*",
"matchCriteriaId": "FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*",
"matchCriteriaId": "7B43C508-91E3-49C9-86F0-3643D8F2B7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*",
"matchCriteriaId": "0831E658-36AB-4A4B-9929-3DB6BE855A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*",
"matchCriteriaId": "46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*",
"matchCriteriaId": "4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*",
"matchCriteriaId": "64D94742-7CA1-487B-90E8-5063FBF88925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "12302460-5D3F-4045-9DBF-606562E03BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*",
"matchCriteriaId": "78546FDF-C843-4E48-ABEE-CC3514AA7C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6EBC0B-9842-44D1-B9D6-EFB88BE22879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*",
"matchCriteriaId": "052969F1-6758-46E8-9273-E0F872BD65BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "624A0F00-4629-4550-847F-F24CC93DFF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*",
"matchCriteriaId": "E473F645-F8B0-43FE-957B-F053427465DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "10FC9AAB-1FAD-4953-A2FC-D42E9687D27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*",
"matchCriteriaId": "460C9907-AA19-402A-85DE-D3CEA98B107B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CD80F0D6-6B5B-41D3-AC41-F1643865088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*",
"matchCriteriaId": "734D5198-53C1-40D3-B5BF-D74FC71FD3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "788DEF5E-8A99-463D-89DC-0CC032271554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*",
"matchCriteriaId": "C0996D7A-9419-4897-A0AF-498AC3A2A81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62D670E6-47E5-4B40-9217-F97D5F39C3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*",
"matchCriteriaId": "94C23DB8-3C92-40FE-B8A6-ADF84D28510E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE7E4E-DA2D-4F03-A226-92965B40AE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*",
"matchCriteriaId": "0C59A947-457E-47EB-832E-3DA70CB52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "55F74B56-B412-4AF1-AED0-C948AB6DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*",
"matchCriteriaId": "3B50ADDB-D3C2-407D-8844-F93866E5F20C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*",
"matchCriteriaId": "F4149B59-E773-4ED8-A71D-EB7D00808819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0408C3-0FA7-4A17-9451-C4D46CDA8F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*",
"matchCriteriaId": "1726090D-0C37-44A4-AD9B-7ED733B8702D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*",
"matchCriteriaId": "54354E16-3238-43E8-BAA9-93CA7EB44D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6867EED4-FC3B-4B72-88A5-DED96C729FE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*",
"matchCriteriaId": "1A0867FC-7161-433F-A416-D7207C8D4D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97BE6B60-3276-4580-843B-743D0D71E3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*",
"matchCriteriaId": "36491B32-A405-4C5B-938F-9BEA50A8AF16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "6141909B-EBC4-4726-AE9F-669C31257A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "754A51AC-EF20-4736-ADDB-D2A70BCB79EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4600BB66-6DEB-444B-AF9E-BDD06CFD2876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EE089E31-3521-4D12-B81C-B6E386AE1409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E9888-16CD-4DB2-8889-CE4477559C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C29C9A2C-6435-444E-A20B-5881F3798B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E77A2569-CFAE-498D-A633-803849CFECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "D16E88E6-42D0-400E-AF43-111B35CE11E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE15A42E-030B-48F0-9498-1755DAAEDFB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "39511726-1202-4179-9708-4D3B28496768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9A4328-F274-4591-A386-943FD6608374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
"matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C7494CE2-D3CC-404D-BE61-09A2E1FB3E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "06E48482-D9AF-4038-80DA-27D9B4907C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9BC3C441-290F-471A-BA19-6B1C4D72A670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "632ED295-B67D-43CF-BF38-CCE04088BA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "50F3835F-6F2B-4EA7-B111-3B3C26548BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "0DCF7BD2-7903-4DC5-ADDC-EFCDC58736C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "E5BECFE0-286F-4DA1-8CA9-6CEE861C3012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*",
"matchCriteriaId": "AFFF3245-2D0F-46E3-A1D6-319086489DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "C91F2524-99D1-4C4B-9A31-21C0FB8B4D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "7B1BC0FF-9DB6-4FCC-A845-053943CF0D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "419D4D16-E790-4872-B9AF-1320978768C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "73D30BA6-1EE0-4C3F-8F69-65C698A1B9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D39FA25D-AB56-470D-94AB-14446DB7D475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F9085056-3BE9-4309-9601-9CA0569BC215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8432455-9064-479F-B060-BF2A74ECC3EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ABAC4CE9-1CFA-4279-B0CE-18F3C6FB9AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E37A0-F739-4EEE-A1BB-EBC558C62767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E2562-D0FC-404C-B725-617AEEF20AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C831EC2A-C99D-4FB1-8E5C-2FF685792F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F37C4158-6C4E-448D-929B-288480748289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBA9D27-E3DC-45CE-B56B-2C6781AA6A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14CD1CCD-DFF2-4813-B56F-EA1C78AA818E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4499411B-C92E-47F3-A6F2-8C9011B1CBCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "57325096-F4D8-4146-A6FD-93219F2C72D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9684FD88-7422-4272-B9BC-D8638B1AA0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "648639A2-26C4-4EDA-A982-25D400836696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9F6FF8-8B88-4A02-B23A-0CADA8CE316E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37DE011D-1C1B-46AC-9265-F82693CE3C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*",
"matchCriteriaId": "790BF14A-0193-4A5C-802B-D82200B22342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FF81215F-0DD3-48FC-BA1C-19E42FCD47B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digium:s800i:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "565444DE-F67C-4B6E-AC1E-92FC0D8A87CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:digium:s800i:1.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80E356B2-4AEA-4532-A6F8-13B814BEB2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:digium:s800i:1.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60F261AB-3172-4245-8090-744294A0D08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:digium:s800i:1.3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DD6B08-D77D-4275-8F91-2CA47FF6E363",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:a:-:business:*:*:*:*:*",
"matchCriteriaId": "B1868709-03F9-47AA-A196-367D783C62BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b:-:business:*:*:*:*:*",
"matchCriteriaId": "564A4529-997D-4615-BED8-AE3FB159689A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*",
"matchCriteriaId": "BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*",
"matchCriteriaId": "D110DCEB-F2F9-4600-B49F-22952C71B785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3333A119-D92F-433C-BF5D-0037199256C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*",
"matchCriteriaId": "19C44C33-EADA-48FD-A634-8066A003AFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "294A2BA2-26EB-40AD-B861-7FA9043CD097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*",
"matchCriteriaId": "4FAC61AF-BDF2-4397-A8F8-9D9155836E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*",
"matchCriteriaId": "33DE61C2-8C6A-4CD3-8D56-E70C4356CD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*",
"matchCriteriaId": "EECB5F75-BCE2-4777-933E-25EB5657750C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*",
"matchCriteriaId": "B5D51557-3E67-4C9A-9753-472D13FCA5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*",
"matchCriteriaId": "C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*",
"matchCriteriaId": "761DB3A3-1540-4976-AEB2-F8E45CCCC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*",
"matchCriteriaId": "B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*",
"matchCriteriaId": "947F58B8-21AF-460B-8203-D2605A1F91D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c:-:business:*:*:*:*:*",
"matchCriteriaId": "7CD989BE-8FA0-4EDB-8442-C2E12BD01D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header."
},
{
"lang": "es",
"value": "Asterisk Open Source versi\u00f3n 1.2.x anterior a 1.2.35, versi\u00f3n 1.4.x anterior a 1.4.26.3, versi\u00f3n 1.6.0.x anterior a 1.6.0.17 y versi\u00f3n 1.6.1.x anterior a 1.6.1.9; Business Edition versi\u00f3n A.x.x, versi\u00f3n B.x.x anteriores a B.2.5.12, versi\u00f3n C.2.x.x anterior a C.2.4.5 y versi\u00f3n C.3.x.x anterior a C.3.2.2; AsteriskNOW versi\u00f3n 1.5; y s800i versi\u00f3n 1.3.x anterior a 1.3.0.5, causan diferentes mensajes de error dependiendo de si un nombre de usuario SIP sea v\u00e1lido, lo que permite a los atacantes remotos enumerar nombres de usuario v\u00e1lidos mediante m\u00faltiples mensajes de REGISTER creados con nombres de usuario inconsistentes en el URI en el encabezado To y el Digest en el encabezado Authorization."
}
],
"id": "CVE-2009-3727",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-10T18:30:00.250",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/59697"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37265"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37479"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37677"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36924"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1023133"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/59697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-27 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://downloads.digium.com/pub/security/AST-2011-006.html | Vendor Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/04/22/6 | ||
| secalert@redhat.com | http://secunia.com/advisories/44197 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/44529 | ||
| secalert@redhat.com | http://securitytracker.com/id?1025433 | ||
| secalert@redhat.com | http://www.debian.org/security/2011/dsa-2225 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/47537 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/1086 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/1107 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/1188 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2011-006.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/04/22/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44197 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44529 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025433 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2225 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47537 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1086 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1188 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.0 | |
| digium | asterisk | 1.4.1 | |
| digium | asterisk | 1.4.2 | |
| digium | asterisk | 1.4.3 | |
| digium | asterisk | 1.4.10 | |
| digium | asterisk | 1.4.10.1 | |
| digium | asterisk | 1.4.11 | |
| digium | asterisk | 1.4.12 | |
| digium | asterisk | 1.4.12.1 | |
| digium | asterisk | 1.4.13 | |
| digium | asterisk | 1.4.14 | |
| digium | asterisk | 1.4.15 | |
| digium | asterisk | 1.4.16 | |
| digium | asterisk | 1.4.16.1 | |
| digium | asterisk | 1.4.16.2 | |
| digium | asterisk | 1.4.17 | |
| digium | asterisk | 1.4.18 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19 | |
| digium | asterisk | 1.4.19.1 | |
| digium | asterisk | 1.4.19.2 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20 | |
| digium | asterisk | 1.4.20.1 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21 | |
| digium | asterisk | 1.4.21.1 | |
| digium | asterisk | 1.4.21.2 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.22.1 | |
| digium | asterisk | 1.4.22.2 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.4.23.2 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24 | |
| digium | asterisk | 1.4.24.1 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25 | |
| digium | asterisk | 1.4.25.1 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26 | |
| digium | asterisk | 1.4.26.1 | |
| digium | asterisk | 1.4.26.2 | |
| digium | asterisk | 1.4.26.3 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27 | |
| digium | asterisk | 1.4.27.1 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.28 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29 | |
| digium | asterisk | 1.4.29.1 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.30 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.31 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.32 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33 | |
| digium | asterisk | 1.4.33.1 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.34 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.35 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.36 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.37 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.38 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39 | |
| digium | asterisk | 1.4.39.1 | |
| digium | asterisk | 1.4.39.2 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.4.40 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.16.2 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17.1 | |
| digium | asterisk | 1.6.2.17.2 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | c.1.0 | |
| digium | asterisk | c.1.0 | |
| digium | asterisk | c.1.6 | |
| digium | asterisk | c.1.6.1 | |
| digium | asterisk | c.1.6.2 | |
| digium | asterisk | c.1.8.0 | |
| digium | asterisk | c.1.8.1 | |
| digium | asterisk | c.2.3 | |
| digium | asterisk | c.3.0 | |
| digium | asterisk | c.3.1.0 | |
| digium | asterisk | c.3.1.1 | |
| digium | asterisk | c.3.2.2 | |
| digium | asterisk | c.3.2.3 | |
| digium | asterisk | c.3.3.2 | |
| digium | asterisk | c.3.6.2 | |
| digium | asterisk | c.3.6.3 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.1 | |
| digium | asterisk | 1.6.1.2 | |
| digium | asterisk | 1.6.1.3 | |
| digium | asterisk | 1.6.1.4 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.6 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.8 | |
| digium | asterisk | 1.6.1.9 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.11 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.14 | |
| digium | asterisk | 1.6.1.15 | |
| digium | asterisk | 1.6.1.16 | |
| digium | asterisk | 1.6.1.17 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.21 | |
| digium | asterisk | 1.6.1.22 | |
| digium | asterisk | 1.6.1.23 | |
| digium | asterisk | 1.6.1.24 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
"matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
"matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
"matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
"matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
"matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
"matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
"matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
"matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
"matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*",
"matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*",
"matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*",
"matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*",
"matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*",
"matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*",
"matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
"matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
"matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
"matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "52BE29C5-C2C3-4414-A8E1-4D4D926F6E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "87BBDF0F-7A23-48BA-98BC-0EDEDD2CDDF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header."
},
{
"lang": "es",
"value": "manager.c en la interfaz de administrador de Asterisk Open Source v1.4.x antes de v1.4.40.1, v1.6.1.x antes de v1.6.1.25, v1.6.2.x antes v1.6.2.17.3, y v1.8.x antes de v1.8.3.3 y Asterisk Business Edition Cxx antes vC.3.6.4 no comprueba correctamente el privilegio del sistema, lo que permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una acci\u00f3n \"Originate\" que tiene un encabezado Async en relaci\u00f3n con un encabezado Application."
}
],
"id": "CVE-2011-1599",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-27T00:55:04.820",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/04/22/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44197"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/44529"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1025433"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/47537"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/1188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/04/22/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/1188"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-13 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2017-012.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/102201 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1040009 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27382 | Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27429 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4076 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2017-012.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102201 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040009 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27382 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27429 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4076 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | * | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CE0074-C728-4A0C-AF7B-E5F095C7AD9E",
"versionEndExcluding": "13.18.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A023AEF-773E-4DD8-B860-5B1D4E061F85",
"versionEndExcluding": "14.7.4",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8300EA07-CDDD-49C2-8F73-BBE6749000CB",
"versionEndExcluding": "15.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E7AD0-0B51-47BC-8746-CAC7C63F8AE8",
"versionEndIncluding": "13.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
"matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
"matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4298EEE5-3F0E-4227-ACF8-CEE18868055F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de cierre inesperado remoto en Asterisk Open Source en versiones 13.x anteriores a la 13.18.4; versiones 14.x anteriores a la 14.7.4 y las versiones 15.x anteriores a la 15.1.4, as\u00ed como Certified Asterisk en versiones anteriores a la 13.13-cert9. Ciertos paquetes compuestos RTCP pueden provocar un cierre inesperado en la pila RTCP."
}
],
"id": "CVE-2017-17664",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-13T20:29:00.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102201"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040009"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9365B811-5620-42F0-9400-5EA49361D2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "536ECC06-D2DC-474F-AB44-7A8B16ADFC9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6001EFB8-A539-4F3C-B9F3-7A513FA458BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1035C6D2-E8FD-4FFA-9AC7-17534609D68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:*:*:*:*",
"matchCriteriaId": "DBD12EE0-78F6-450F-9AD9-D64A55377D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert5:*:*:*:*:*:*",
"matchCriteriaId": "BFA21D5A-0BC6-45E0-AD84-F91F185275B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9569F80-CCA9-4010-8B72-0BF9F4654150",
"versionEndIncluding": "1.8.32.0",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDFB271-72DA-4E23-87A0-E50EE633843F",
"versionEndExcluding": "11.14.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
"versionEndExcluding": "12.7.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol."
},
{
"lang": "es",
"value": "La funci\u00f3n DB dialplan en Asterisk Open Source 1.8.x anterior a 1.8.32, 11.x anterior a 11.1.4.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 1.8 anterior a 1.8.28-cert8 y 11.6 anterior a 11.6-cert8 permite a usuarios remotos autenticados ganar privilegios a trav\u00e9s de una llamada de un protocolo externo, tal y como fue demostrado por el protocolo AMI."
}
],
"id": "CVE-2014-8418",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:10.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-30 01:46
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2007-025.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/38933 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/27873 | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1019021 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/484387/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/26645 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4055 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38766 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2007-025.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38933 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27873 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019021 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/484387/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26645 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4055 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38766 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "509EE4B3-B44A-446F-B1B5-476A8BE0F4D6",
"versionEndExcluding": "1.4.15",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta1:*:*:business:*:*:*",
"matchCriteriaId": "5B85E573-3A3A-471F-906D-8A262315D0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta2:*:*:business:*:*:*",
"matchCriteriaId": "65963B39-845B-47D9-A1BD-6ABBA160EF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta3:*:*:business:*:*:*",
"matchCriteriaId": "4015BA36-F972-434D-8DA0-4ECE9992275A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta4:*:*:business:*:*:*",
"matchCriteriaId": "587B6E6C-11C5-4721-B0F3-77E77B1C65A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta5:*:*:business:*:*:*",
"matchCriteriaId": "E4160773-6EA9-4339-9DD1-28D4EE591830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Postgres Realtime Engine (res_config_pgsql) de Asterisk 1.4.x anterior a 1.4.15 y C.x before C.1.0-beta6 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores desconocidos."
}
],
"id": "CVE-2007-6171",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-30T01:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/38933"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27873"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019021"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/26645"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4055"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/38933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/26645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-19 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.1 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.1.2 | |
| digium | asterisk | 10.1.3 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.1 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.1 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.1 | |
| digium | asterisk | 10.4.2 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948."
},
{
"lang": "es",
"value": "chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Asterisk Open Source v10.x antes v10.5.1 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (eliminar la referencia del puntero NULL y ca\u00edda demonio) mediante el env\u00edo de un mensaje Station Key Pad Button y el cierre de una conexi\u00f3n en modo descolgado, un tema relacionado con CVE-2012-2948."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2012-3553",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-19T20:55:07.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-22 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2016-003.html | Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2016/dsa-3700 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1034931 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2016-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3700 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034931 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.1 | |
| digium | asterisk | 1.8.12.2 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.1 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.1 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.1 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.1 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.1 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.1 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.27.0 | |
| digium | asterisk | 1.8.28.0 | |
| digium | asterisk | 1.8.28.0 | |
| digium | asterisk | 1.8.28.1 | |
| digium | asterisk | 1.8.28.2 | |
| digium | asterisk | 1.8.32.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.17.0 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.19.0 | |
| digium | asterisk | 11.20.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 12.0.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.1 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.2.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.0 | |
| digium | asterisk | 12.3.1 | |
| digium | asterisk | 12.3.2 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.4.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.5.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.6.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.0 | |
| digium | asterisk | 12.7.1 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.0 | |
| digium | asterisk | 12.8.1 | |
| digium | asterisk | 12.8.2 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.6.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "236D459B-ED50-4A2F-B463-D2F9DD1C7E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EEB00A-68B0-4CDE-B625-AB83B1D6D2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "72195459-404F-423E-A78C-DE2A728AFDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "25E7F7F5-E85A-4720-B5C9-2B776B04D904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "6DEF3D58-73E0-402A-A15F-05CA72B5B288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1EA7C5-CE37-4A7E-AF81-636228F3BA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10823FD4-D618-4050-91D7-CBDE69BC570D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9365B811-5620-42F0-9400-5EA49361D2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
"matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74CB86-72C3-4913-8EB6-3BBA1D3BC65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*",
"matchCriteriaId": "BA3211EE-E305-4247-AA2E-910E48CBCDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost."
},
{
"lang": "es",
"value": "Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en versiones anteriores a 11.6-cert12 y 13.1 en versiones anteriores a 13.1-cert3 permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (referencia a puntero no inicializado y ca\u00edda) a trav\u00e9s de un error de longitud cero corrigiendo la redundancia de paquetes para un paquete UDPTL FAX que se ha perdido."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2016-2232",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-22T15:59:01.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034931"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-29 08:15
Modified
2024-11-21 05:27
Severity ?
Summary
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2020-003.html | Vendor Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2020-004.html | Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29191 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29219 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2020-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2020-004.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29191 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29219 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA452364-C114-412B-A2E4-192C1FAC38D6",
"versionEndExcluding": "13.38.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "221D371E-558E-4381-A405-190B9AA04250",
"versionEndExcluding": "16.15.0",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4C2E56-5EA4-4048-88CE-3882D201028B",
"versionEndExcluding": "17.9.0",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E927E6-DBA3-4FD6-BA28-F13C3D837197",
"versionEndExcluding": "18.1.0",
"versionStartIncluding": "18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones anteriores a 13.38.0, versiones 14.x hasta 16.x versiones anteriores a 16.15.0, versiones 17.x anteriores a 17.9.0 y versiones 18.x anteriores a 18.1.0.\u0026#xa0;Puede ocurrir un bloqueo cuando es recibido un mensaje SIP con un encabezado History-Info que contiene un tel-uri, o cuando es recibida una respuesta SIP 181 que contiene un tel-uri en el encabezado Diversion"
}
],
"id": "CVE-2020-35652",
"lastModified": "2024-11-21T05:27:45.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-29T08:15:10.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-12 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2019-002.html | Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-28447 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2019-002.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-28447 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA6DD0A-1C55-4334-8AF3-DB7B2EFB07E0",
"versionEndExcluding": "13.27.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "212B9BDD-ECC4-4CA3-B776-556C98EADF1D",
"versionEndExcluding": "15.7.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E458297-5218-48A3-8690-66E6C6549757",
"versionEndExcluding": "16.4.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC85AF18-A304-4BD8-AFAA-F99AC37A799B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "03094F8E-FF0C-4831-A50F-B601949FD3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
"matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en res_pjsip_messaging en Digium Asterisk versiones 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 versiones anteriores permite a los atacantes remotos autenticados cerrar inesperadamente Asterisk enviando un mensaje SIP MESSAGE especialmente dise\u00f1ado."
}
],
"id": "CVE-2019-12827",
"lastModified": "2024-11-21T04:23:40.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-12T20:15:11.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-18 20:15
Modified
2024-11-21 05:56
Severity ?
Summary
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html | Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/Feb/58 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2021-002.html | Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29203 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Feb/58 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2021-002.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29203 | Issue Tracking, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
"versionEndExcluding": "16.16.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
"versionEndExcluding": "17.9.2",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CB148-DF9C-4134-A417-3B111C036E20",
"versionEndExcluding": "18.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Sangoma Asterisk versiones 16.x anteriores a 16.16.1, versiones 17.x anteriores a 17.9.2 y versiones 18.x anteriores a 18.2.1 y Certified Asterisk versiones anteriores a 16.8-cert6.\u0026#xa0;Al renegociar para T.38, si la respuesta remota inicial se retras\u00f3 lo suficiente, Asterisk enviar\u00eda tanto audio como T.38 en el SDP.\u0026#xa0;Si esto sucediera, y el control remoto respondiera con una transmisi\u00f3n T.38 rechazada, entonces Asterisk podr\u00eda bloquearse"
}
],
"id": "CVE-2021-26717",
"lastModified": "2024-11-21T05:56:44.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-18T20:15:12.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-30 01:46
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2007-026.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27827 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27892 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29242 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29782 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200804-13.xml | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1019020 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1417 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/484388/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/26647 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4056 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38765 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2007-026.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27827 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27892 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29242 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29782 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200804-13.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019020 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1417 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/484388/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26647 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4056 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38765 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9D3734-ECE5-4A33-AFE2-1EAD07B997A5",
"versionEndExcluding": "1.2.25",
"versionStartIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "509EE4B3-B44A-446F-B1B5-476A8BE0F4D6",
"versionEndExcluding": "1.4.15",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:*",
"matchCriteriaId": "DEF6C31E-6C5C-4CBA-B6D7-593C1292AF65",
"versionEndExcluding": "b.2.3.4",
"versionStartIncluding": "b.2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta1:*:*:business:*:*:*",
"matchCriteriaId": "5B85E573-3A3A-471F-906D-8A262315D0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta2:*:*:business:*:*:*",
"matchCriteriaId": "65963B39-845B-47D9-A1BD-6ABBA160EF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta3:*:*:business:*:*:*",
"matchCriteriaId": "4015BA36-F972-434D-8DA0-4ECE9992275A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta4:*:*:business:*:*:*",
"matchCriteriaId": "587B6E6C-11C5-4721-B0F3-77E77B1C65A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta5:*:*:business:*:*:*",
"matchCriteriaId": "E4160773-6EA9-4339-9DD1-28D4EE591830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el motor de registro Call Detail Record Postgres (cdr_pgsql) de Asterisk 1.4.x anterior a 1.4.15, 1.2.x anterior a 1.2.25, B.x anterior a B.2.3.4, y C.x anterior a C.1.0-beta6 permite a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n mediante los argumentos (1) ANI y (2) DNIS."
}
],
"id": "CVE-2007-6170",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-30T01:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27827"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27892"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29242"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019020"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1417"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/26647"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4056"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/26647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-11 14:19
Modified
2025-04-09 00:30
Severity ?
Summary
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.digium.com/view.php?id=13547 | ||
| cve@mitre.org | http://bugs.digium.com/view.php?id=14417 | ||
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2009-002.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/52568 | ||
| cve@mitre.org | http://secunia.com/advisories/34229 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/501656/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34070 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1021834 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0667 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.digium.com/view.php?id=13547 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.digium.com/view.php?id=14417 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2009-002.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/52568 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34229 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/501656/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34070 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021834 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0667 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.4.22 | |
| digium | asterisk | 1.4.23 | |
| digium | asterisk | 1.4.23.1 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0.1 | |
| digium | asterisk | 1.6.0.2 | |
| digium | asterisk | 1.6.0.3 | |
| digium | asterisk | 1.6.0.3 | |
| digium | asterisk | 1.6.0.4 | |
| digium | asterisk | 1.6.0.5 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | c.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C7494CE2-D3CC-404D-BE61-09A2E1FB3E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "06E48482-D9AF-4038-80DA-27D9B4907C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9BC3C441-290F-471A-BA19-6B1C4D72A670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "632ED295-B67D-43CF-BF38-CCE04088BA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "50F3835F-6F2B-4EA7-B111-3B3C26548BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "0DCF7BD2-7903-4DC5-ADDC-EFCDC58736C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "E5BECFE0-286F-4DA1-8CA9-6CEE861C3012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*",
"matchCriteriaId": "AFFF3245-2D0F-46E3-A1D6-319086489DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "C91F2524-99D1-4C4B-9A31-21C0FB8B4D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "7B1BC0FF-9DB6-4FCC-A845-053943CF0D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "419D4D16-E790-4872-B9AF-1320978768C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "73D30BA6-1EE0-4C3F-8F69-65C698A1B9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D39FA25D-AB56-470D-94AB-14446DB7D475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F9085056-3BE9-4309-9601-9CA0569BC215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8432455-9064-479F-B060-BF2A74ECC3EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6D4A9B22-7978-44F3-A30C-65FE7024AB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "06219062-9CAD-49D2-823E-E11E74B131D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "91420C0D-C63B-4916-8335-6BE24EB738FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FD1D7D08-AC94-49AC-9F16-A6E91F1F1EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "05FDA8EA-6610-4D49-9825-34EBFAAD2691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions."
},
{
"lang": "es",
"value": "El controlador de canal SIP en Asterisk Open Source v1.4.22, v1.4.23, y v1.4.23.1; v1.6.0 anterior a v1.6.0.6; v1.6.1 anterior a v1.6.1.0-rc2; y Asterisk Business Edition C.2.3, con la opci\u00f3n \"pedantic\" activada, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00f1es de una petici\u00f3n SIP INVITE sin cabecera, lo que dispara una deferencia a puntero NULL en las funciones (1) sip_uri_headers_cmp y(2) sip_uri_params_cmp."
}
],
"id": "CVE-2009-0871",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-11T14:19:15.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.digium.com/view.php?id=13547"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.digium.com/view.php?id=14417"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52568"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34229"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34070"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021834"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.digium.com/view.php?id=13547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.digium.com/view.php?id=14417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0667"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-22 00:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2018-006.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/103120 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1040419 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27658 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2018-006.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103120 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040419 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27658 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 15.0.0 | |
| digium | asterisk | 15.0.0 | |
| digium | asterisk | 15.1.0 | |
| digium | asterisk | 15.1.0 | |
| digium | asterisk | 15.1.0 | |
| digium | asterisk | 15.1.1 | |
| digium | asterisk | 15.1.2 | |
| digium | asterisk | 15.1.3 | |
| digium | asterisk | 15.1.4 | |
| digium | asterisk | 15.1.5 | |
| digium | asterisk | 15.2.0 | |
| digium | asterisk | 15.2.0 | |
| digium | asterisk | 15.2.0 | |
| digium | asterisk | 15.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:15.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9B067A37-7101-48F8-B42A-50A0F59154F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0D20EE5-E2C7-4CD3-9932-33A0C27465C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C42CFBDA-8B84-4A8F-8C1E-207C48138DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B0C2D39-0D85-4655-968F-9B6F48C4DE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "25307605-D767-4253-BEE7-928B89DA260A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E057E8B7-B1E9-4A62-9C7D-14F36435F16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17F0D6D8-AE61-4A0C-B8D6-D91DECB407D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA48CBAB-AD3D-4D2A-9932-D21DB10F0884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A069FD52-C61C-49A4-A863-0FDB21B031B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "491EE070-6913-4AB4-BDB1-CFDCAEFEEFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82F3B56D-E148-4E63-BF7E-F9E8967A24E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "72541FC4-4CC7-435F-B51D-4754E873EBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68A2AA7A-C598-4F0A-BF83-C804566C5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:15.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43A3B57E-1E68-48CF-902E-4C90FC738B5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop)."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en res_http_websocket.c en Asterisk hasta la versi\u00f3n 15.2.1. Si el servidor HTTP est\u00e1 habilitado (est\u00e1 deshabilitado por defecto), las cargas \u00fatiles de WebSocket de tama\u00f1o 0 se gestionan de forma incorrecta (con un bucle ocupado)."
}
],
"id": "CVE-2018-7287",
"lastModified": "2024-11-21T04:11:56.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-22T00:29:01.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103120"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040419"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-18 22:14
Modified
2025-04-12 10:46
Severity ?
Summary
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff | Patch | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-001.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2014:078 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/66093 | ||
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-23340 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2014:078 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/66093 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-23340 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.1 | |
| digium | asterisk | 1.8.12.2 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.1 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.1 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.1 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.0 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.1 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.20.2 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.21.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.22.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.0 | |
| digium | asterisk | 1.8.23.1 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.0 | |
| digium | asterisk | 1.8.24.1 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.25.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 1.8.26.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| digium | asterisk | 12.1.0 | |
| fedoraproject | fedora | 19 | |
| fedoraproject | fedora | 20 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.0.0 | |
| digium | certified_asterisk | 1.8.1.0 | |
| digium | certified_asterisk | 1.8.1.0 | |
| digium | certified_asterisk | 1.8.2.0 | |
| digium | certified_asterisk | 1.8.2.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.3.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.4.0 | |
| digium | certified_asterisk | 1.8.5.0 | |
| digium | certified_asterisk | 1.8.5.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.6.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.7.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.8.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.9.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.10.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.11.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.12.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.13.0 | |
| digium | certified_asterisk | 1.8.14.0 | |
| digium | certified_asterisk | 1.8.14.0 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 1.8.15 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
},
{
"lang": "es",
"value": "main/http.c en Asterisk Open Source 1.8.x anterior a 1.8.26.1, 11.8.x anterior a 11.8.1 y 12.1.x anterior a 12.1.1 y Certified Asterisk 1.8.x anterior a 1.8.15-cert5 y 11.6 anterior a 11.6-cert2, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de pila) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud HTTP con un n\u00famero grande de cabeceras de cookies."
}
],
"id": "CVE-2014-2286",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-18T22:14:37.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66093"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-15 03:57
Modified
2025-04-11 00:51
Severity ?
Summary
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2011-014.html | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/12/09/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/12/09/4 | ||
| secalert@redhat.com | http://osvdb.org/77598 | ||
| secalert@redhat.com | http://secunia.com/advisories/47273 | ||
| secalert@redhat.com | http://www.debian.org/security/2011/dsa-2367 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-014.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/12/09/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/12/09/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/77598 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47273 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2367 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.16.2 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17.1 | |
| digium | asterisk | 1.6.2.17.2 | |
| digium | asterisk | 1.6.2.17.3 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.18 | |
| digium | asterisk | 1.6.2.19 | |
| digium | asterisk | 1.6.2.19 | |
| digium | asterisk | 1.6.2.20 | |
| digium | asterisk | 1.6.2.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0B515F-6C5B-4A32-BE6E-3B154B4340CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "679A2262-1C6B-4549-84A9-878D7FA502F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "86B7F9F0-A597-42BC-AD54-FAD928B7A332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "76A47DCB-689A-4BD5-B3A5-7DA20052A3B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests."
},
{
"lang": "es",
"value": "La funci\u00f3n handle_request_info en el archivo channels/chan_sip.c en Open Source de Asterisk versiones 1.6.2.x anteriores a 1.6.2.21 y versiones 1.8.x anteriores a 1.8.7.2, cuando automon est\u00e1 habilitado, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL y bloqueo del demonio) por medio de una secuencia dise\u00f1ada de peticiones SIP."
}
],
"id": "CVE-2011-4598",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-15T03:57:34.357",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-014.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/12/09/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/12/09/4"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/77598"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/47273"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/12/09/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/12/09/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/77598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2367"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-10 01:30
Modified
2025-04-20 01:37
Severity ?
Summary
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-008.html | Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3990 | Third Party Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27274 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3990 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27274 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.0.2 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.1 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.1 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.3.2 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.6.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.1 | |
| digium | asterisk | 13.7.2 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.1 | |
| digium | asterisk | 13.8.2 | |
| digium | asterisk | 13.9.0 | |
| digium | asterisk | 13.9.1 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.11.0 | |
| digium | asterisk | 13.11.1 | |
| digium | asterisk | 13.11.2 | |
| digium | asterisk | 13.12 | |
| digium | asterisk | 13.12.0 | |
| digium | asterisk | 13.12.1 | |
| digium | asterisk | 13.12.2 | |
| digium | asterisk | 13.13 | |
| digium | asterisk | 13.13.0 | |
| digium | asterisk | 13.13.1 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.1 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.1 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.17.0 | |
| digium | asterisk | 13.17.0 | |
| digium | asterisk | 14.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.1 | |
| digium | asterisk | 14.0.2 | |
| digium | asterisk | 14.1 | |
| digium | asterisk | 14.01 | |
| digium | asterisk | 14.1.0 | |
| digium | asterisk | 14.1.1 | |
| digium | asterisk | 14.1.2 | |
| digium | asterisk | 14.02 | |
| digium | asterisk | 14.2 | |
| digium | asterisk | 14.2.0 | |
| digium | asterisk | 14.2.1 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.1 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.1 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.6.0 | |
| digium | asterisk | 14.6.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.1 | |
| digium | asterisk | 11.2.2 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.1 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.2 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.1 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.1 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.1 | |
| digium | asterisk | 11.14.2 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.1 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.17.0 | |
| digium | asterisk | 11.17.1 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.19.0 | |
| digium | asterisk | 11.20.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.1 | |
| digium | asterisk | 11.21.2 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 11.23.1 | |
| digium | asterisk | 11.24.0 | |
| digium | asterisk | 11.24.1 | |
| digium | asterisk | 11.25.0 | |
| digium | asterisk | 11.25.1 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7FC3A1-AFB0-4280-BFC5-68F61CFD0AF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
"matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
"matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
"matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
"matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc1:*:*:*:*:*:*",
"matchCriteriaId": "DDC801D4-7A69-4855-8757-24ACE70D784B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc2:*:*:*:*:*:*",
"matchCriteriaId": "60C2B8F0-7722-48B5-89AA-435F52CBC0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
"matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
"matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
"matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
"matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
},
{
"lang": "es",
"value": "En Asterisk enversiones 11.x anteriores a la 11.25.3, versiones 13.x anteriores a la 13.17.2 y versiones 14.x anteriores a la 14.6.2; y en Certified Asterisk en versiones 11.x anteriores a la 11.6-cert18 y versiones 13.x anteriores a la 13.13-cert6, una validaci\u00f3n insuficiente de paquetes RTCP podr\u00eda permitir la lectura de contenidos obsoletos del b\u00fafer y, cuando se combina con las opciones \"nat\" y \"symmetric_rtp\", permite las redirecciones en las que Asterisk env\u00eda el siguiente informe RTCP."
}
],
"id": "CVE-2017-14603",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-10T01:30:21.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-12 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2016-009.html | Mitigation, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94789 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1037408 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2016-009.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94789 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037408 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.1 | |
| digium | asterisk | 11.2.2 | |
| digium | asterisk | 11.3.0 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.5.0 | |
| digium | asterisk | 11.5.1 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.1 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.2 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.1 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.1 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.1 | |
| digium | asterisk | 11.14.2 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.1 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.17.0 | |
| digium | asterisk | 11.17.1 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.19.0 | |
| digium | asterisk | 11.20.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.1 | |
| digium | asterisk | 11.21.2 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 11.23.1 | |
| digium | asterisk | 11.24.0 | |
| digium | asterisk | 11.24.1 | |
| digium | asterisk | 11.25.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.0.2 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.1 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.1 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.3.1 | |
| digium | asterisk | 13.3.2 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.6.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.1 | |
| digium | asterisk | 13.7.2 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.1 | |
| digium | asterisk | 13.8.2 | |
| digium | asterisk | 13.9.0 | |
| digium | asterisk | 13.9.1 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.11.0 | |
| digium | asterisk | 13.11.1 | |
| digium | asterisk | 13.11.2 | |
| digium | asterisk | 13.12.0 | |
| digium | asterisk | 13.12.1 | |
| digium | asterisk | 13.12.2 | |
| digium | asterisk | 13.13.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.1 | |
| digium | asterisk | 14.0.2 | |
| digium | asterisk | 14.1.0 | |
| digium | asterisk | 14.1.1 | |
| digium | asterisk | 14.1.2 | |
| digium | asterisk | 14.2.0 | |
| digium | certified_asterisk | 11.0.0 | |
| digium | certified_asterisk | 11.0.0 | |
| digium | certified_asterisk | 11.0.0 | |
| digium | certified_asterisk | 11.1.0 | |
| digium | certified_asterisk | 11.1.0 | |
| digium | certified_asterisk | 11.1.0 | |
| digium | certified_asterisk | 11.1.0 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.2.0 | |
| digium | certified_asterisk | 11.3.0 | |
| digium | certified_asterisk | 11.3.0 | |
| digium | certified_asterisk | 11.3.0 | |
| digium | certified_asterisk | 11.4.0 | |
| digium | certified_asterisk | 11.4.0 | |
| digium | certified_asterisk | 11.4.0 | |
| digium | certified_asterisk | 11.4.0 | |
| digium | certified_asterisk | 11.5.0 | |
| digium | certified_asterisk | 11.5.0 | |
| digium | certified_asterisk | 11.5.0 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | certified_asterisk | 11.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12745DB9-F19D-4507-A9FE-218B7BB29DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6047FB-D1BD-4E21-B6BC-E51374C4B0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D23CE302-AC62-468C-96B3-1EF430825170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFFAE3F-3B78-49DE-8F01-2E439D9A6F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0501E88B-986A-44C6-A6B5-F2CB9087A8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5BA542E-4667-4D9E-BDAE-FED6CA63F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C8E7EC-0D4C-40E2-9EE1-4AB5F03464D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "707296C4-153C-4ACF-B91A-AB5FA42260CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F596E34-529A-41AD-AD51-C1D7EEE0FFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC1BE0BB-A469-4DB6-88CF-80A065329C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4EA68726-87EF-490F-BBB8-A321E6C7A16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8B3572-D6F6-45BD-9BE4-D532F9BF134E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7738E036-DACC-42EE-B417-CB083319B0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A6847720-D556-49D7-BD7F-E0559C6F5780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA81D724-584B-4863-B270-869C415DB5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF76131B-DF2C-4C6A-8E6B-1319D231402D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AB8C209-694F-41BF-9CF2-D68D4E58A43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6438A881-C806-4CC1-9828-C34BBB0FF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2704EED6-C72D-427D-AD37-EBC4042CDD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AF835684-26C6-4734-B586-D5DB4DF33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4EB76BC0-2B72-495E-80FC-C6B194648A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9F1BC546-92E0-4285-8C18-37705F44B94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D50F0DF-54D3-4883-ADA2-DDB79F786182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0838BEC6-680A-4695-BD1B-309290F16A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "82F78D49-ED8C-43FF-AE6D-713E90F1A1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
"matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
"matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
"matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
"matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
"matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Asterisk Open Source 11.x en versiones anteriores a 11.25.1, 13.x en versiones anteriores a 13.13.1 y 14.x en versiones anteriores a 14.2.1 y Certified Asterisk 11.x en versiones anteriores a 11.6-cert16 y 13.x en versiones anteriores a 13.8-cert4. El controlador de canal chan_sip tiene una definici\u00f3n liberal de espacios en blanco cuando intenta quitar al contenido entre un nombre de encabezado SIP y un car\u00e1cter de dos puntos. En lugar de seguir la RFC 3261 y quitar s\u00f3lo espacios y pesta\u00f1as horizontales, Asterisk trata cualquier car\u00e1cter ASCII no imprimible como si fuera un espacio en blanco. Esto significa que los encabezados tal como Contact\\x01: se ver\u00e1n como un encabezado de Contact v\u00e1lido. Esto principalmente no plantea un problema hasta que Asterisk se coloca en t\u00e1ndem con un proxy SIP de autenticaci\u00f3n. En este caso, una combinaci\u00f3n h\u00e1bil de encabezados v\u00e1lidos y no v\u00e1lidos puede provocar que un proxy permita una petici\u00f3n INVITE en Asterisk sin autenticaci\u00f3n ya que cree que la solicitud es una petici\u00f3n de dialogo de entrada. Sin embargo, debido al error descrito anteriormente, la petici\u00f3n se ver\u00e1 como una solicitud fuera de di\u00e1logo para Asterisk. Asterisk procesara la solicitud como una nueva llamada. El resultado es que Asterisk pueda procesar llamadas desde fuentes de fuentes no examinadas sin autenticaci\u00f3n. Si no utiliza un proxy para la autenticaci\u00f3n, entonces este problema no le afecta. Si su proxy tiene conocimiento de di\u00e1logo (lo que siginifica que el proxy realiza un seguimiento de los cuadros de di\u00e1logos que son actualmente v\u00e1lidos), entonces este problema no le afecta. Si utiliza chan_pjsip en lugar de chan_sip, entonces este problema no le afecta."
}
],
"id": "CVE-2016-9938",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-12T21:59:01.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94789"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037408"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-02 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-005.html | Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3964 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1039251 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.debian.org/873907 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27013 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://rtpbleed.com | Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201710-29 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-005.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3964 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039251 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/873907 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27013 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rtpbleed.com | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-29 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.0.2 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.1 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.1 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.3.2 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.6.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.1 | |
| digium | asterisk | 13.7.2 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.1 | |
| digium | asterisk | 13.8.2 | |
| digium | asterisk | 13.9.0 | |
| digium | asterisk | 13.9.1 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.11.0 | |
| digium | asterisk | 13.11.1 | |
| digium | asterisk | 13.11.2 | |
| digium | asterisk | 13.12 | |
| digium | asterisk | 13.12.0 | |
| digium | asterisk | 13.12.1 | |
| digium | asterisk | 13.12.2 | |
| digium | asterisk | 13.13 | |
| digium | asterisk | 13.13.0 | |
| digium | asterisk | 13.13.1 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 13.14.1 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.0 | |
| digium | asterisk | 13.15.1 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.16.0 | |
| digium | asterisk | 13.17.0 | |
| digium | asterisk | 13.17.0 | |
| digium | asterisk | 14.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.1 | |
| digium | asterisk | 14.0.2 | |
| digium | asterisk | 14.1 | |
| digium | asterisk | 14.01 | |
| digium | asterisk | 14.1.0 | |
| digium | asterisk | 14.1.1 | |
| digium | asterisk | 14.1.2 | |
| digium | asterisk | 14.02 | |
| digium | asterisk | 14.2 | |
| digium | asterisk | 14.2.0 | |
| digium | asterisk | 14.2.1 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.0 | |
| digium | asterisk | 14.3.1 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.0 | |
| digium | asterisk | 14.4.1 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.5.0 | |
| digium | asterisk | 14.6.0 | |
| digium | asterisk | 14.6.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | asterisk | 11.1.2 | |
| digium | asterisk | 11.2.0 | |
| digium | asterisk | 11.2.1 | |
| digium | asterisk | 11.2.2 | |
| digium | asterisk | 11.4.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.0 | |
| digium | asterisk | 11.6.1 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.7.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.0 | |
| digium | asterisk | 11.8.1 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.9.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.0 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.1 | |
| digium | asterisk | 11.10.2 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.11.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.0 | |
| digium | asterisk | 11.12.1 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.0 | |
| digium | asterisk | 11.13.1 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.0 | |
| digium | asterisk | 11.14.1 | |
| digium | asterisk | 11.14.2 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.0 | |
| digium | asterisk | 11.15.1 | |
| digium | asterisk | 11.16.0 | |
| digium | asterisk | 11.17.0 | |
| digium | asterisk | 11.17.1 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.18.0 | |
| digium | asterisk | 11.19.0 | |
| digium | asterisk | 11.20.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.0 | |
| digium | asterisk | 11.21.1 | |
| digium | asterisk | 11.21.2 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.22.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 11.23.0 | |
| digium | asterisk | 11.23.1 | |
| digium | asterisk | 11.24.0 | |
| digium | asterisk | 11.24.1 | |
| digium | asterisk | 11.25.0 | |
| digium | asterisk | 11.25.1 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7FC3A1-AFB0-4280-BFC5-68F61CFD0AF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
"matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
"matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
"matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
"matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc1:*:*:*:*:*:*",
"matchCriteriaId": "DDC801D4-7A69-4855-8757-24ACE70D784B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc2:*:*:*:*:*:*",
"matchCriteriaId": "60C2B8F0-7722-48B5-89AA-435F52CBC0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
"matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
"matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
"matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
"matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well."
},
{
"lang": "es",
"value": "En res/res_rtp_asterisk.c en Asterisk 11.x en versiones anteriores a la 11.25.2, 13.x en versiones anteriores a la 13.17.1, y 14.x en versiones anteriores a la 14.6.1 y Certified Asterisk 11.x en versiones anteriores a la 11.6-cert17 y 13.x en versiones anteriores a la 13.13-cert5, es posible divulgar datos sin autorizaci\u00f3n si un atacante ataca en el momento adecuado. La opci\u00f3n \"strictrtp\" en rtp.conf habilita una caracter\u00edstica de la pila RTP que aprende la direcci\u00f3n de origen de los medios para una sesi\u00f3n y coloca cualquier paquete que no se haya originado a partir de la direcci\u00f3n esperada. Esta opci\u00f3n est\u00e1 activda por defecto en Asterisk 11 y superiores. Las opciones \"nat\" y \"rtp_symmetric\" (para chan_sip y chan_pjsip, respectivamente) permiten el soporte RTP sim\u00e9trico en la pila RTP. Esto emplea la direcci\u00f3n de origen de medios entrantes como direcci\u00f3n de destino de cualquier medio enviado. Esta opci\u00f3n no est\u00e1 activada por defecto, pero suele estar habilitada para gestionar dispositivos tras NAT. Se ha realizado un cambio en el soporte RTP estricto en la pila RTP para tolerar mejor los medios tard\u00edos cuando ocurre una reinvitaci\u00f3n. Cuando se combina con el soporte RTP sim\u00e9trico, esto introdujo una avenida en la que se pod\u00eda secuestrar medios. En vez de solo aprender una nueva direcci\u00f3n cuando se espera, el nuevo c\u00f3digo permit\u00eda una nueva direcci\u00f3n de origen que deb\u00eda ser aprendida en todo momento. Si se recibe un flujo de tr\u00e1fico RTP, el soporte RTP estricto permitir\u00eda que la nueva direcci\u00f3n proporcionase medios, y (con RTP sim\u00e9trico habilitado) el tr\u00e1fico saliente ser\u00eda enviado a esta nueva direcci\u00f3n, permitiendo el secuestro de los medios. Si el atacante contin\u00faa enviando tr\u00e1fico, tambi\u00e9n seguir\u00eda recibi\u00e9ndolo."
}
],
"id": "CVE-2017-14099",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-02T16:29:00.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039251"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873907"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://rtpbleed.com"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rtpbleed.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=111946399501080&w=2 | ||
| cve@mitre.org | http://www.portcullis-security.com/advisory/advisory-05-013.txt | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/21115 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=111946399501080&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.portcullis-security.com/advisory/advisory-05-013.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/21115 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the \u0027write = command\u0027 option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character."
}
],
"id": "CVE-2005-2081",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-01 21:30
Modified
2025-04-11 00:51
Severity ?
Summary
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff | ||
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff | ||
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff | Patch | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2010-003.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html | ||
| cve@mitre.org | http://osvdb.org/62588 | ||
| cve@mitre.org | http://secunia.com/advisories/38752 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39096 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/509757/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/38424 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/0475 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/56552 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2010-003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/62588 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38752 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39096 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/509757/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/38424 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0475 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/56552 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.6.0 | |
| digium | asterisk | 1.6.0.1 | |
| digium | asterisk | 1.6.0.2 | |
| digium | asterisk | 1.6.0.3 | |
| digium | asterisk | 1.6.0.5 | |
| digium | asterisk | 1.6.0.6 | |
| digium | asterisk | 1.6.0.7 | |
| digium | asterisk | 1.6.0.8 | |
| digium | asterisk | 1.6.0.9 | |
| digium | asterisk | 1.6.0.10 | |
| digium | asterisk | 1.6.0.12 | |
| digium | asterisk | 1.6.0.13 | |
| digium | asterisk | 1.6.0.14 | |
| digium | asterisk | 1.6.0.15 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.16 | |
| digium | asterisk | 1.6.0.17 | |
| digium | asterisk | 1.6.0.18 | |
| digium | asterisk | 1.6.0.18 | |
| digium | asterisk | 1.6.0.18 | |
| digium | asterisk | 1.6.0.18 | |
| digium | asterisk | 1.6.0.19 | |
| digium | asterisk | 1.6.0.20 | |
| digium | asterisk | 1.6.0.21 | |
| digium | asterisk | 1.6.0.21 | |
| digium | asterisk | 1.6.0.22 | |
| digium | asterisk | 1.6.0.23 | |
| digium | asterisk | 1.6.0.24 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1.1 | |
| digium | asterisk | 1.6.1.2 | |
| digium | asterisk | 1.6.1.4 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.6 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.8 | |
| digium | asterisk | 1.6.1.9 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.11 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.14 | |
| digium | asterisk | 1.6.1.15 | |
| digium | asterisk | 1.6.1.16 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ABAC4CE9-1CFA-4279-B0CE-18F3C6FB9AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E37A0-F739-4EEE-A1BB-EBC558C62767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E2562-D0FC-404C-B725-617AEEF20AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C831EC2A-C99D-4FB1-8E5C-2FF685792F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F37C4158-6C4E-448D-929B-288480748289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBC113E-6304-4605-B024-D6D7A264DC9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3FCBAE-2A39-482A-ADF9-870DF63F89D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "57325096-F4D8-4146-A6FD-93219F2C72D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "648639A2-26C4-4EDA-A982-25D400836696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37DE011D-1C1B-46AC-9265-F82693CE3C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*",
"matchCriteriaId": "790BF14A-0193-4A5C-802B-D82200B22342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D552F2D3-EB70-413E-8C4F-DD3283434C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "15C4C10F-BD36-491A-87E7-2F072796DA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "929EAA61-BA69-4F36-A5E9-B8F066405384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E60A7436-AFDB-4540-BD4B-01F25BDFBA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5A1CCA12-CCF2-46F5-BBDD-AAC0C1E8C5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1D4D06-9D83-495F-98BC-0B6E1C3566B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8D8A87FD-EB9C-4D65-824A-159C206F28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "55585411-9272-4ED6-962C-B27EBAE11C76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF7BDB9D-403D-4BC4-83FA-AD39EF131714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7F74046A-9B96-4EE7-AC14-F2A1FBDF65E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "512545F1-F007-43D7-AAE9-8120BC5821D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "339BEF35-835E-4B06-B9B4-C2DF26A7B3B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts."
},
{
"lang": "es",
"value": "main/acl.c en Asterisk Open Source 1.6.0.x en versiones anteriores a la 1.6.0.25, 1.6.1.x en versiones anteriores a la 1.6.1.17 y 1.6.2.x en versiones anteriores a la 1.6.2.5 no aplica de manera apropiada los controles de acceso de host remoto cuando la notaci\u00f3n CIDR \"/ 0\" es usada en reglas de configuraci\u00f3n \"permit=\" y \"deny=\", lo que provoca un desplazamiento aritm\u00e9tico incorrecto y podr\u00eda permitir a atacantes remotos eludir las reglas ACL y tener acceso a servicios desde hosts no autorizados."
}
],
"id": "CVE-2010-1224",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-01T21:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
},
{
"source": "cve@mitre.org",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
},
{
"source": "cve@mitre.org",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/62588"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38752"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39096"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38424"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0475"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-28 17:29
Modified
2024-11-21 04:47
Severity ?
Summary
An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2019-001.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-28260 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2019-001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-28260 | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "212B9BDD-ECC4-4CA3-B776-556C98EADF1D",
"versionEndExcluding": "15.7.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78874405-4758-4CC0-8BE0-ECC799BFF7B5",
"versionEndExcluding": "16.2.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation."
},
{
"lang": "es",
"value": "Un error en la propiedad signedness de un n\u00famero entero (para c\u00f3digo devuelto) en el m\u00f3dulo res_pjsip_sdp_rtp en Digium Asterisk, en versiones 15.7.1 y anteriores y en las 16.1.1 y anteriores, permite a los atacantes remotos no autenticados cerrar inesperadamente Asterisk mediante una violaci\u00f3n de protocolo SDP especialmente manipulada."
}
],
"id": "CVE-2019-7251",
"lastModified": "2024-11-21T04:47:50.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-28T17:29:01.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-10 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-001.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/97377 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.debian.org/859910 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97377 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/859910 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.0 | |
| digium | asterisk | 13.0.1 | |
| digium | asterisk | 13.0.2 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.0 | |
| digium | asterisk | 13.1.1 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.0 | |
| digium | asterisk | 13.2.1 | |
| digium | asterisk | 13.3.0 | |
| digium | asterisk | 13.3.2 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.4.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.5.0 | |
| digium | asterisk | 13.6.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.0 | |
| digium | asterisk | 13.7.1 | |
| digium | asterisk | 13.7.2 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.0 | |
| digium | asterisk | 13.8.1 | |
| digium | asterisk | 13.8.2 | |
| digium | asterisk | 13.9.0 | |
| digium | asterisk | 13.9.1 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.10.0 | |
| digium | asterisk | 13.11.0 | |
| digium | asterisk | 13.11.1 | |
| digium | asterisk | 13.11.2 | |
| digium | asterisk | 13.12 | |
| digium | asterisk | 13.12.0 | |
| digium | asterisk | 13.12.1 | |
| digium | asterisk | 13.12.2 | |
| digium | asterisk | 13.13 | |
| digium | asterisk | 13.13.0 | |
| digium | asterisk | 13.14.0 | |
| digium | asterisk | 14.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.0 | |
| digium | asterisk | 14.0.1 | |
| digium | asterisk | 14.0.2 | |
| digium | asterisk | 14.1 | |
| digium | asterisk | 14.01 | |
| digium | asterisk | 14.1.0 | |
| digium | asterisk | 14.1.1 | |
| digium | asterisk | 14.1.2 | |
| digium | asterisk | 14.02 | |
| digium | asterisk | 14.2 | |
| digium | asterisk | 14.2.0 | |
| digium | asterisk | 14.2.1 | |
| digium | asterisk | 14.3.0 | |
| digium | certified_asterisk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C30F0A0-EE30-496A-ACF0-A9B1BCA46D73",
"versionEndIncluding": "13.13-cert2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action."
},
{
"lang": "es",
"value": "La ejecuci\u00f3n remota de c\u00f3digo puede ocurrir en Asterisk Open Source 13.x en versiones anteriores a 13.14.1 y 14.x en versiones anteriores a 14.3.1 y Asterisk certificado 13.13 en versiones anteriores a 13.13-cert3 debido a un desbordamiento de b\u00fafer en un campo de usuario de CDR, relacionado con X-ClientCode en chan_sip , La funci\u00f3n de dialplan CDR y la acci\u00f3n Monitor AMI."
}
],
"id": "CVE-2017-7617",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-10T14:59:00.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97377"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/859910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/859910"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-18 20:02
Modified
2025-04-03 01:03
Severity ?
Summary
Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz | Patch | |
| cve@mitre.org | http://secunia.com/advisories/19800 | ||
| cve@mitre.org | http://secunia.com/advisories/19872 | ||
| cve@mitre.org | http://secunia.com/advisories/19897 | ||
| cve@mitre.org | http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory | Exploit, Patch | |
| cve@mitre.org | http://www.debian.org/security/2006/dsa-1048 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_04_28.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/17561 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/1478 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19800 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19872 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19897 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1048 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_28.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17561 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1478 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | 0.1.0 | |
| digium | asterisk | 0.1.1 | |
| digium | asterisk | 0.1.2 | |
| digium | asterisk | 0.1.3 | |
| digium | asterisk | 0.1.4 | |
| digium | asterisk | 0.1.5 | |
| digium | asterisk | 0.1.6 | |
| digium | asterisk | 0.1.7 | |
| digium | asterisk | 0.1.8 | |
| digium | asterisk | 0.1.9 | |
| digium | asterisk | 0.1.9.1 | |
| digium | asterisk | 0.1.10 | |
| digium | asterisk | 0.1.11 | |
| digium | asterisk | 0.1.12 | |
| digium | asterisk | 0.2 | |
| digium | asterisk | 0.2.0 | |
| digium | asterisk | 0.3 | |
| digium | asterisk | 0.3.0 | |
| digium | asterisk | 0.4 | |
| digium | asterisk | 0.4.0 | |
| digium | asterisk | 0.5.0 | |
| digium | asterisk | 0.7.0 | |
| digium | asterisk | 0.7.1 | |
| digium | asterisk | 0.7.2 | |
| digium | asterisk | 1.0.0 | |
| digium | asterisk | 1.0.1 | |
| digium | asterisk | 1.0.2 | |
| digium | asterisk | 1.0.3 | |
| digium | asterisk | 1.0.4 | |
| digium | asterisk | 1.0.5 | |
| digium | asterisk | 1.0.6 | |
| digium | asterisk | 1.0.7 | |
| digium | asterisk | 1.0.8 | |
| digium | asterisk | 1.0.9 | |
| digium | asterisk | 1.0_rc1 | |
| digium | asterisk | 1.0_rc2 | |
| digium | asterisk | 1.2.0_beta1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D52340CE-D832-43A6-9552-5A5E014D1AA7",
"versionEndIncluding": "1.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "864D95C2-9B1B-4EB4-82CD-3BA5E063FEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FB4B52-69CA-45DA-AE22-E6667E8B98FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8FF789-3B09-4974-B62F-CCD7F5AA2BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FA92F7-46BB-444C-ADAB-4B550CD0B69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A003A2C3-1C4F-4A76-BABE-C55A761E3321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A063E6CD-16F8-42E0-A9A2-4D33C10F7EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBC7FE3-D810-487C-8FD3-27B8729DCA41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8C08E661-23D9-437F-844F-6BE8183CF3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D030C12-C2C6-4714-B776-2EF7ECF1A591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5A8210-2E7C-465C-9751-CB362AADC224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82621C2B-B5F0-4E70-A619-0213005DADB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F9DBCFB5-65BF-46FE-AC19-2557B6C0BD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "99C185C9-9592-43A1-9811-80E16032F396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD696CD-3B63-4C8B-966E-EE00F44CA44C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9750B74B-F766-4869-880B-4E5E41D90533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE096C63-221B-4746-B8B6-9314C4CD6FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "33DCA1D9-0D47-4F0A-A78F-F85FADE0C9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24CE1C95-D4C7-4662-AD0D-5219335BAF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC453F5-C46A-45E9-B7DE-3C5BF752F305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9149505F-D47B-40C3-93EB-A3C647A1AC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94FC8F82-D648-4127-9914-27414358AC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CCCA63B-AB59-4827-BD6F-4AF0155151F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16FC9C13-ADDD-4F09-B977-EE0DEF598B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C20296F-F70A-4D3C-A062-B6054617841C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9A92B4D-16A7-4D99-8F3A-2E5D3B12C86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16783925-8EC5-431F-90B5-93B16DCC10B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C59AF9E-FEC7-44AB-B392-49DB11BAEB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "325C4452-6541-46F6-A86C-6D6987583FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5424B5B4-99B3-4695-8E0D-7E8DC8B88C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "62BDF9F0-1AFD-47E6-9054-A9FC6D422DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8D2125-019A-4B73-9E1A-98E745148803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E49F2D76-DC82-4289-8891-4982795D896A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "203237E0-BB44-42D0-B65B-CBDAAA68A1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length."
}
],
"id": "CVE-2006-1827",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-18T20:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19800"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19872"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19897"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17561"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1478"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
"versionEndExcluding": "12.7.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
"versionEndExcluding": "13.0.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en el controlador de canales PJSIP en Asterisk Open Source 12.x anterior a 12.7.1 y 13.x anterior a 13.0.1, cuando utiliza el m\u00f3dulo res_pjsip_refer, permite a atacantes remotosw causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un in-dialog INVITE con mensaje Replaces, lo que provoca el cuelgue del canal."
}
],
"id": "CVE-2014-8416",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:08.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-31 14:55
Modified
2025-04-11 00:51
Severity ?
Summary
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2012-013.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/50687 | ||
| cve@mitre.org | http://secunia.com/advisories/50756 | ||
| cve@mitre.org | http://www.debian.org/security/2012/dsa-2550 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/55335 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1027461 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-013.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50687 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50756 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2550 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/55335 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027461 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.1 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.1 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.1.2 | |
| digium | asterisk | 10.1.3 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.1 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.1 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.1 | |
| digium | asterisk | 10.4.2 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.1 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.1 | |
| digium | asterisk | 10.7.0 | |
| digium | asterisk | 10.7.0 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | asterisk | 10.5.2 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.1 | |
| digium | asterisk | 10.7.0 | |
| digium | asterisk | c.3.0 | |
| digium | asterisk | c.3.1.0 | |
| digium | asterisk | c.3.1.1 | |
| digium | asterisk | c.3.2.2 | |
| digium | asterisk | c.3.2.3 | |
| digium | asterisk | c.3.3.2 | |
| digium | asterisk | c.3.6.2 | |
| digium | asterisk | c.3.6.3 | |
| digium | asterisk | c.3.6.4 | |
| digium | asterisk | c.3.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBE5780-D503-46D1-BE04-4CB7B662B5DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CB19323D-208F-45F9-85F3-BAA5D1BC3AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "09334CAB-9ADB-49BB-BE83-BBAC6A7A9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6DEEF5-7277-4E38-9233-E3612CD77CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75A0D613-3D04-4902-9707-E743F30CF1A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54AB61A7-E143-4BEC-8658-68FF615B007E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
"matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
"matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
"matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*",
"matchCriteriaId": "9ED68059-F0E5-4B1B-B633-466D92F38346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.7.5:-:business:*:*:*:*:*",
"matchCriteriaId": "BFE16F42-025D-4C9D-AD4A-08FDEF957F09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
},
{
"lang": "es",
"value": "channels/chan_iax2.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-1.8.11 antes de cert7, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 no hace cumplir las reglas de ACL durante ciertos usos del par de credenciales, lo que permite a usuarios remotos autenticados eludir las restricciones de llamadas de salida aprovech\u00e1ndose de la disponibilidad de estas credenciales.\r\n"
}
],
"id": "CVE-2012-4737",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-31T14:55:01.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/55335"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027461"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-31 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://downloads.asterisk.org/pub/security/AST-2011-003.html | Vendor Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/17/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/21/12 | ||
| secalert@redhat.com | http://securitytracker.com/id?1025223 | ||
| secalert@redhat.com | http://www.debian.org/security/2011/dsa-2225 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/46897 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0686 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0790 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=688675 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/66139 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2011-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/17/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/21/12 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025223 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2225 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46897 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0686 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=688675 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66139 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.0 | |
| digium | asterisk | 1.6.1.1 | |
| digium | asterisk | 1.6.1.2 | |
| digium | asterisk | 1.6.1.3 | |
| digium | asterisk | 1.6.1.4 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.5 | |
| digium | asterisk | 1.6.1.6 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.7 | |
| digium | asterisk | 1.6.1.8 | |
| digium | asterisk | 1.6.1.9 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.10 | |
| digium | asterisk | 1.6.1.11 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.12 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.13 | |
| digium | asterisk | 1.6.1.14 | |
| digium | asterisk | 1.6.1.15 | |
| digium | asterisk | 1.6.1.16 | |
| digium | asterisk | 1.6.1.17 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.18 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.19 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.20 | |
| digium | asterisk | 1.6.1.21 | |
| digium | asterisk | 1.6.1.22 | |
| digium | asterisk | 1.6.1.23 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.0 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.1 | |
| digium | asterisk | 1.6.2.2 | |
| digium | asterisk | 1.6.2.3 | |
| digium | asterisk | 1.6.2.4 | |
| digium | asterisk | 1.6.2.5 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.6 | |
| digium | asterisk | 1.6.2.15 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16 | |
| digium | asterisk | 1.6.2.16.1 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17 | |
| digium | asterisk | 1.6.2.17.1 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6D4A9B22-7978-44F3-A30C-65FE7024AB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "06219062-9CAD-49D2-823E-E11E74B131D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "91420C0D-C63B-4916-8335-6BE24EB738FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FD1D7D08-AC94-49AC-9F16-A6E91F1F1EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "05FDA8EA-6610-4D49-9825-34EBFAAD2691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "52BE29C5-C2C3-4414-A8E1-4D4D926F6E65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data."
},
{
"lang": "es",
"value": "manager.c en Asterisk Open Source v1.6.1.x anterior a v1.6.1.24, v1.6.2.x anterior a v1.6.2.17.2, y v1.8.x anterior a v1.8.3.2 permite a atacantes remotos generar una denegaci\u00f3n de servicio (agotamiento de memoria y CPU) mediante una conjunto de sesiones que comprenden datos no v\u00e1lidos."
}
],
"id": "CVE-2011-1174",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-31T22:55:03.147",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/21/12"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1025223"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/46897"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0686"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0790"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/21/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-04 11:52
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2012-014 | Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2013/dsa-2605 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-014 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2605 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.0 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1 | |
| digium | asterisk | 1.8.1.1 | |
| digium | asterisk | 1.8.1.2 | |
| digium | asterisk | 1.8.2 | |
| digium | asterisk | 1.8.2.1 | |
| digium | asterisk | 1.8.2.2 | |
| digium | asterisk | 1.8.2.3 | |
| digium | asterisk | 1.8.2.4 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3 | |
| digium | asterisk | 1.8.3.1 | |
| digium | asterisk | 1.8.3.2 | |
| digium | asterisk | 1.8.3.3 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4 | |
| digium | asterisk | 1.8.4.1 | |
| digium | asterisk | 1.8.4.2 | |
| digium | asterisk | 1.8.4.3 | |
| digium | asterisk | 1.8.4.4 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5 | |
| digium | asterisk | 1.8.5.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.6.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.0 | |
| digium | asterisk | 1.8.7.1 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.0 | |
| digium | asterisk | 1.8.8.1 | |
| digium | asterisk | 1.8.8.2 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.0 | |
| digium | asterisk | 1.8.9.1 | |
| digium | asterisk | 1.8.9.2 | |
| digium | asterisk | 1.8.9.3 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.0 | |
| digium | asterisk | 1.8.10.1 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.0 | |
| digium | asterisk | 1.8.11.1 | |
| digium | asterisk | 1.8.12 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.12.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.0 | |
| digium | asterisk | 1.8.13.1 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.0 | |
| digium | asterisk | 1.8.14.1 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.0 | |
| digium | asterisk | 1.8.15.1 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.16.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.17.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.0 | |
| digium | asterisk | 1.8.18.1 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 1.8.19.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.1 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.1.2 | |
| digium | asterisk | 10.1.3 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.1 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.1 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.1 | |
| digium | asterisk | 10.4.2 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.1 | |
| digium | asterisk | 10.5.2 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.1 | |
| digium | asterisk | 10.6.1 | |
| digium | asterisk | 10.7.0 | |
| digium | asterisk | 10.7.0 | |
| digium | asterisk | 10.7.0 | |
| digium | asterisk | 10.7.1 | |
| digium | asterisk | 10.8.0 | |
| digium | asterisk | 10.8.0 | |
| digium | asterisk | 10.8.0 | |
| digium | asterisk | 10.9.0 | |
| digium | asterisk | 10.9.0 | |
| digium | asterisk | 10.9.0 | |
| digium | asterisk | 10.9.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.0 | |
| digium | asterisk | 10.10.1 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 10.11.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.0 | |
| digium | asterisk | 11.0.1 | |
| digium | asterisk | 11.0.2 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.0 | |
| digium | asterisk | 11.1.1 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | certified_asterisk | 1.8.11 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.0.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.0 | |
| digium | asterisk | 10.1.1 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.2.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.3.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.4.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.0 | |
| digium | asterisk | 10.5.1 | |
| digium | asterisk | 10.5.2 | |
| digium | asterisk | 10.6.0 | |
| digium | asterisk | 10.6.1 | |
| digium | asterisk | 10.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE324AC-5231-43DB-B077-EA1E0145FF5B",
"versionEndIncluding": "1.8.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBE5780-D503-46D1-BE04-4CB7B662B5DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CB19323D-208F-45F9-85F3-BAA5D1BC3AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "09334CAB-9ADB-49BB-BE83-BBAC6A7A9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6DEEF5-7277-4E38-9233-E3612CD77CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75A0D613-3D04-4902-9707-E743F30CF1A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54AB61A7-E143-4BEC-8658-68FF615B007E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5552D1C-C05A-4B67-A025-BBD3022C7B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F8B72-EEC9-4021-B320-8CB6E83856F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38A0F946-6A51-4E4D-8E8A-CA6DF222289F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9C7619B8-B986-4B24-BFFD-956A1A6780FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21CF339A-A38B-40CE-9811-A6CE77B29025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13856847-32A8-401D-A6DC-8DB96AE739FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8E8F4ED-AA7B-4B19-8416-6BC0608C760D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B7A900B2-0F3C-450E-8933-BDD5C9627EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52B5F73C-174A-4A0B-8D14-EC10779FC884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
"matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
"matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
"matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "BF86A1A0-D3D7-485A-A46C-7619F74CE821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v11.x anteriores a v11.1.2; Certified Asterisk v1.8.11 anteriores a v1.8.11-cert10; y Asterisk Digiumphones 10.x-digiumphones anteriores a 10.11.1-digiumphones permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edde del demonio) a trav\u00e9s de datos TCP usando los protocolos (1) SIP, (2) HTTP, o (3) XMPP."
}
],
"id": "CVE-2012-5976",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T11:52:14.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2605"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-16 07:42
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/20577 | ||
| cve@mitre.org | http://secunia.com/advisories/17459 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/19872 | ||
| cve@mitre.org | http://securitytracker.com/id?1015164 | ||
| cve@mitre.org | http://www.assurance.com.au/advisories/200511-asterisk.txt | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2006/dsa-1048 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/415990/30/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/15336 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/2346 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/23002 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/20577 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17459 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19872 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015164 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.assurance.com.au/advisories/200511-asterisk.txt | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1048 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/415990/30/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15336 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2346 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23002 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | 0.1.0 | |
| digium | asterisk | 0.1.1 | |
| digium | asterisk | 0.1.2 | |
| digium | asterisk | 0.1.3 | |
| digium | asterisk | 0.1.4 | |
| digium | asterisk | 0.1.5 | |
| digium | asterisk | 0.1.6 | |
| digium | asterisk | 0.1.7 | |
| digium | asterisk | 0.1.8 | |
| digium | asterisk | 0.1.9 | |
| digium | asterisk | 0.1.10 | |
| digium | asterisk | 0.1.11 | |
| digium | asterisk | 0.1.12 | |
| digium | asterisk | 0.2.0 | |
| digium | asterisk | 0.3.0 | |
| digium | asterisk | 0.4.0 | |
| digium | asterisk | 0.5.0 | |
| digium | asterisk | 0.7.0 | |
| digium | asterisk | 0.7.1 | |
| digium | asterisk | 0.7.2 | |
| digium | asterisk | 1.0.0 | |
| digium | asterisk | 1.0.1 | |
| digium | asterisk | 1.0.2 | |
| digium | asterisk | 1.0.3 | |
| digium | asterisk | 1.0.4 | |
| digium | asterisk | 1.0.5 | |
| digium | asterisk | 1.0.6 | |
| digium | asterisk | 1.0.7 | |
| digium | asterisk | 1.0.8 | |
| digium | asterisk | 1.0.9 | |
| digium | asterisk | 1.0_rc1 | |
| digium | asterisk | 1.0_rc2 | |
| digium | asterisk | 1.2.0_beta1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "864D95C2-9B1B-4EB4-82CD-3BA5E063FEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FB4B52-69CA-45DA-AE22-E6667E8B98FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8FF789-3B09-4974-B62F-CCD7F5AA2BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FA92F7-46BB-444C-ADAB-4B550CD0B69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A003A2C3-1C4F-4A76-BABE-C55A761E3321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A063E6CD-16F8-42E0-A9A2-4D33C10F7EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBC7FE3-D810-487C-8FD3-27B8729DCA41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8C08E661-23D9-437F-844F-6BE8183CF3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D030C12-C2C6-4714-B776-2EF7ECF1A591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5A8210-2E7C-465C-9751-CB362AADC224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F9DBCFB5-65BF-46FE-AC19-2557B6C0BD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "99C185C9-9592-43A1-9811-80E16032F396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD696CD-3B63-4C8B-966E-EE00F44CA44C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE096C63-221B-4746-B8B6-9314C4CD6FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24CE1C95-D4C7-4662-AD0D-5219335BAF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9149505F-D47B-40C3-93EB-A3C647A1AC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94FC8F82-D648-4127-9914-27414358AC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CCCA63B-AB59-4827-BD6F-4AF0155151F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16FC9C13-ADDD-4F09-B977-EE0DEF598B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C20296F-F70A-4D3C-A062-B6054617841C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9A92B4D-16A7-4D99-8F3A-2E5D3B12C86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16783925-8EC5-431F-90B5-93B16DCC10B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C59AF9E-FEC7-44AB-B392-49DB11BAEB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "325C4452-6541-46F6-A86C-6D6987583FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5424B5B4-99B3-4695-8E0D-7E8DC8B88C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "62BDF9F0-1AFD-47E6-9054-A9FC6D422DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8D2125-019A-4B73-9E1A-98E745148803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E49F2D76-DC82-4289-8891-4982795D896A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "203237E0-BB44-42D0-B65B-CBDAAA68A1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter."
}
],
"id": "CVE-2005-3559",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-16T07:42:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/20577"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17459"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19872"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015164"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15336"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2346"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/20577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-18 21:15
Modified
2024-11-21 05:56
Severity ?
Summary
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html | Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/Feb/59 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2021-003.html | Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29260 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Feb/59 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2021-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29260 | Issue Tracking, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA727A7F-D350-450F-BF24-9E6D45FA6930",
"versionEndIncluding": "13.38.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
"versionEndExcluding": "16.16.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
"versionEndExcluding": "17.9.2",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CB148-DF9C-4134-A417-3B111C036E20",
"versionEndExcluding": "18.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
},
{
"lang": "es",
"value": "Los controles de acceso incorrectos en el archivo res_srtp.c en Sangoma Asterisk versiones 13.38.1, 16.16.0, 17.9.1 y 18.2.0 y Certified Asterisk 16.8-cert5, permite a un atacante remoto no autenticado finalizar prematuramente llamadas seguras al reproducir paquetes SRTP"
}
],
"id": "CVE-2021-26712",
"lastModified": "2024-11-21T05:56:43.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-18T21:15:11.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}