Search criteria
6 vulnerabilities found for asterisknow by digium
CVE-2011-1147 (GCVE-0-2011-1147)
Vulnerability from nvd – Published: 2011-03-15 17:00 – Updated: 2024-08-06 22:14
Summary
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "43702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1147",
"datePublished": "2011-03-15T17:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0495 (GCVE-0-2011-0495)
Vulnerability from nvd – Published: 2011-01-20 18:00 – Updated: 2024-08-06 21:58
Summary
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2. [sic: the last version string appears truncated in the CVE record; confirm the fixed 1.8.2 release against the vendor advisory AST-2011-001]; and Business Edition before C.3.6.2; when running in pedantic mode, allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:24.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0159",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2011-0159",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0159",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"refsource": "OSVDB",
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0495",
"datePublished": "2011-01-20T18:00:00",
"dateReserved": "2011-01-19T00:00:00",
"dateUpdated": "2024-08-06T21:58:24.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3727 (GCVE-0-2009-3727)
Vulnerability from nvd – Published: 2009-11-10 18:00 – Updated: 2024-08-07 06:38
Summary
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37265"
},
{
"name": "FEDORA-2009-11126",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
},
{
"name": "37479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37479"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36924"
},
{
"name": "FEDORA-2009-11070",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
},
{
"name": "59697",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/59697"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
},
{
"name": "1023133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "37265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37265"
},
{
"name": "FEDORA-2009-11126",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
},
{
"name": "37479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37479"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36924"
},
{
"name": "FEDORA-2009-11070",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
},
{
"name": "59697",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/59697"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
},
{
"name": "1023133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023133"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3727",
"datePublished": "2009-11-10T18:00:00",
"dateReserved": "2009-10-16T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1147 (GCVE-0-2011-1147)
Vulnerability from cvelistv5 – Published: 2011-03-15 17:00 – Updated: 2024-08-06 22:14
Summary
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "43702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1147",
"datePublished": "2011-03-15T17:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0495 (GCVE-0-2011-0495)
Vulnerability from cvelistv5 – Published: 2011-01-20 18:00 – Updated: 2024-08-06 21:58
Summary
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:24.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0159",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2011-0159",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0159",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"refsource": "OSVDB",
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0495",
"datePublished": "2011-01-20T18:00:00",
"dateReserved": "2011-01-19T00:00:00",
"dateUpdated": "2024-08-06T21:58:24.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3727 (GCVE-0-2009-3727)
Vulnerability from cvelistv5 – Published: 2009-11-10 18:00 – Updated: 2024-08-07 06:38
Summary
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37265"
},
{
"name": "FEDORA-2009-11126",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
},
{
"name": "37479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37479"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36924"
},
{
"name": "FEDORA-2009-11070",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
},
{
"name": "59697",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/59697"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
},
{
"name": "1023133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "37265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37265"
},
{
"name": "FEDORA-2009-11126",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
},
{
"name": "37479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37479"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36924"
},
{
"name": "FEDORA-2009-11070",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
},
{
"name": "59697",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/59697"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
},
{
"name": "1023133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023133"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3727",
"datePublished": "2009-11-10T18:00:00",
"dateReserved": "2009-10-16T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}