Search criteria
44 vulnerabilities found for open_source by asterisk
CVE-2013-2686 (GCVE-0-2013-2686)
Vulnerability from nvd – Published: 2013-03-29 18:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20967",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"name": "http://telussecuritylabs.com/threats/show/TSL20130327-01",
"refsource": "MISC",
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2686",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T22:35:02.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2685 (GCVE-0-2013-2685)
Vulnerability from nvd – Published: 2013-03-29 18:00 – Updated: 2024-09-16 16:44
VLAI?
Summary
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20901",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2685",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T16:44:08.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2264 (GCVE-0-2013-2264)
Vulnerability from nvd – Published: 2013-03-29 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-21013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2264",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-02-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:38:10.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2186 (GCVE-0-2012-2186)
Vulnerability from nvd – Published: 2012-08-31 14:00 – Updated: 2024-08-06 19:26
VLAI?
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2186",
"datePublished": "2012-08-31T14:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2948 (GCVE-0-2012-2948)
Vulnerability from nvd – Published: 2012-06-02 15:00 – Updated: 2024-08-06 19:50
VLAI?
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-scd-dos(75937)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53723"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-scd-dos(75937)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53723"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-scd-dos(75937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53723"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2948",
"datePublished": "2012-06-02T15:00:00",
"dateReserved": "2012-05-29T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2416 (GCVE-0-2012-2416)
Vulnerability from nvd – Published: 2012-04-30 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19770"
},
{
"name": "1026963",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026963"
},
{
"name": "81456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81456"
},
{
"name": "53205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53205"
},
{
"name": "asterisk-sipupdate-dos(75101)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75101"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19770"
},
{
"name": "1026963",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026963"
},
{
"name": "81456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81456"
},
{
"name": "53205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53205"
},
{
"name": "asterisk-sipupdate-dos(75101)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75101"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-19770",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19770"
},
{
"name": "1026963",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026963"
},
{
"name": "81456",
"refsource": "OSVDB",
"url": "http://osvdb.org/81456"
},
{
"name": "53205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53205"
},
{
"name": "asterisk-sipupdate-dos(75101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75101"
},
{
"name": "FEDORA-2012-6724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48891"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2416",
"datePublished": "2012-04-30T20:00:00",
"dateReserved": "2012-04-23T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2415 (GCVE-0-2012-2415)
Vulnerability from nvd – Published: 2012-04-30 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81455"
},
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "asterisk-skinny-driver-bo(75102)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75102"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "1026962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026962"
},
{
"name": "53210",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53210"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-005.html"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "81455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81455"
},
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "asterisk-skinny-driver-bo(75102)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75102"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "1026962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026962"
},
{
"name": "53210",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53210"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-005.html"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81455",
"refsource": "OSVDB",
"url": "http://osvdb.org/81455"
},
{
"name": "DSA-2460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "asterisk-skinny-driver-bo(75102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75102"
},
{
"name": "48941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48941"
},
{
"name": "1026962",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026962"
},
{
"name": "53210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53210"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-005.html"
},
{
"name": "FEDORA-2012-6724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2415",
"datePublished": "2012-04-30T20:00:00",
"dateReserved": "2012-04-23T00:00:00",
"dateUpdated": "2024-08-06T19:34:24.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2414 (GCVE-0-2012-2414)
Vulnerability from nvd – Published: 2012-04-30 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"refsource": "OSVDB",
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026961"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2414",
"datePublished": "2012-04-30T20:00:00",
"dateReserved": "2012-04-23T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0885 (GCVE-0-2012-0885)
Vulnerability from nvd – Published: 2012-01-25 15:00 – Updated: 2024-09-16 23:41
VLAI?
Summary
chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff"
},
{
"name": "[oss-security] 20120120 CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/16"
},
{
"name": "[oss-security] 20120120 Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/18"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-25T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff"
},
{
"name": "[oss-security] 20120120 CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/16"
},
{
"name": "[oss-security] 20120120 Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/18"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-19202",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19202"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff"
},
{
"name": "[oss-security] 20120120 CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/16"
},
{
"name": "[oss-security] 20120120 Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/18"
},
{
"name": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=783487",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783487"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0885",
"datePublished": "2012-01-25T15:00:00Z",
"dateReserved": "2012-01-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:41:35.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4063 (GCVE-0-2011-4063)
Vulnerability from nvd – Published: 2011-10-21 10:00 – Updated: 2024-08-06 23:53
VLAI?
Summary
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1026191",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026191"
},
{
"name": "8478",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8478"
},
{
"name": "46420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46420"
},
{
"name": "20111017 AST-2011-012: Remote crash vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520141/100/0/threaded"
},
{
"name": "50177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50177"
},
{
"name": "asterisk-sip-channel-driver-dos(70706)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1026191",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026191"
},
{
"name": "8478",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8478"
},
{
"name": "46420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46420"
},
{
"name": "20111017 AST-2011-012: Remote crash vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520141/100/0/threaded"
},
{
"name": "50177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50177"
},
{
"name": "asterisk-sip-channel-driver-dos(70706)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1026191",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026191"
},
{
"name": "8478",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8478"
},
{
"name": "46420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46420"
},
{
"name": "20111017 AST-2011-012: Remote crash vulnerability in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520141/100/0/threaded"
},
{
"name": "50177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50177"
},
{
"name": "asterisk-sip-channel-driver-dos(70706)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70706"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2011-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2011-012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4063",
"datePublished": "2011-10-21T10:00:00",
"dateReserved": "2011-10-15T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2346 (GCVE-0-2009-2346)
Vulnerability from nvd – Published: 2009-09-08 18:00 – Updated: 2024-08-07 05:44
VLAI?
Summary
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022819"
},
{
"name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded"
},
{
"name": "36593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36593"
},
{
"name": "36275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1022819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022819"
},
{
"name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded"
},
{
"name": "36593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36593"
},
{
"name": "36275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022819",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022819"
},
{
"name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded"
},
{
"name": "36593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36593"
},
{
"name": "36275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36275"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2346",
"datePublished": "2009-09-08T18:00:00",
"dateReserved": "2009-07-07T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0041 (GCVE-0-2009-0041)
Vulnerability from nvd – Published: 2009-01-14 23:00 – Updated: 2024-08-07 04:17
VLAI?
Summary
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021549"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0041",
"datePublished": "2009-01-14T23:00:00",
"dateReserved": "2009-01-06T00:00:00",
"dateUpdated": "2024-08-07T04:17:10.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5558 (GCVE-0-2008-5558)
Vulnerability from nvd – Published: 2008-12-17 17:00 – Updated: 2024-08-07 10:56
VLAI?
Summary
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:47.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"refsource": "OSVDB",
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5558",
"datePublished": "2008-12-17T17:00:00",
"dateReserved": "2008-12-15T00:00:00",
"dateUpdated": "2024-08-07T10:56:47.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3264 (GCVE-0-2008-3264)
Vulnerability from nvd – Published: 2008-07-24 15:18 – Updated: 2024-08-07 09:28
VLAI?
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3264",
"datePublished": "2008-07-24T15:18:00",
"dateReserved": "2008-07-22T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2119 (GCVE-0-2008-2119)
Vulnerability from nvd – Published: 2008-06-04 19:17 – Updated: 2024-08-07 08:49
VLAI?
Summary
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"name": "http://bugs.digium.com/view.php?id=12607",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
},
{
"name": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109",
"refsource": "CONFIRM",
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2119",
"datePublished": "2008-06-04T19:17:00",
"dateReserved": "2008-05-08T00:00:00",
"dateUpdated": "2024-08-07T08:49:58.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2685 (GCVE-0-2013-2685)
Vulnerability from cvelistv5 – Published: 2013-03-29 18:00 – Updated: 2024-09-16 16:44
VLAI?
Summary
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20901",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2685",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T16:44:08.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2264 (GCVE-0-2013-2264)
Vulnerability from cvelistv5 – Published: 2013-03-29 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-21013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2264",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-02-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:38:10.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2686 (GCVE-0-2013-2686)
Vulnerability from cvelistv5 – Published: 2013-03-29 18:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20967",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"name": "http://telussecuritylabs.com/threats/show/TSL20130327-01",
"refsource": "MISC",
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2686",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T22:35:02.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2186 (GCVE-0-2012-2186)
Vulnerability from cvelistv5 – Published: 2012-08-31 14:00 – Updated: 2024-08-06 19:26
VLAI?
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2186",
"datePublished": "2012-08-31T14:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2948 (GCVE-0-2012-2948)
Vulnerability from cvelistv5 – Published: 2012-06-02 15:00 – Updated: 2024-08-06 19:50
VLAI?
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-scd-dos(75937)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53723"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-scd-dos(75937)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53723"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-scd-dos(75937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53723"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2948",
"datePublished": "2012-06-02T15:00:00",
"dateReserved": "2012-05-29T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2414 (GCVE-0-2012-2414)
Vulnerability from cvelistv5 – Published: 2012-04-30 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"refsource": "OSVDB",
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026961"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2414",
"datePublished": "2012-04-30T20:00:00",
"dateReserved": "2012-04-23T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2416 (GCVE-0-2012-2416)
Vulnerability from cvelistv5 – Published: 2012-04-30 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19770"
},
{
"name": "1026963",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026963"
},
{
"name": "81456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81456"
},
{
"name": "53205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53205"
},
{
"name": "asterisk-sipupdate-dos(75101)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75101"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19770"
},
{
"name": "1026963",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026963"
},
{
"name": "81456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81456"
},
{
"name": "53205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53205"
},
{
"name": "asterisk-sipupdate-dos(75101)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75101"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-19770",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19770"
},
{
"name": "1026963",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026963"
},
{
"name": "81456",
"refsource": "OSVDB",
"url": "http://osvdb.org/81456"
},
{
"name": "53205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53205"
},
{
"name": "asterisk-sipupdate-dos(75101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75101"
},
{
"name": "FEDORA-2012-6724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48891"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2416",
"datePublished": "2012-04-30T20:00:00",
"dateReserved": "2012-04-23T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2415 (GCVE-0-2012-2415)
Vulnerability from cvelistv5 – Published: 2012-04-30 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81455"
},
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "asterisk-skinny-driver-bo(75102)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75102"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "1026962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026962"
},
{
"name": "53210",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53210"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-005.html"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "81455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81455"
},
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "asterisk-skinny-driver-bo(75102)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75102"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "1026962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026962"
},
{
"name": "53210",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53210"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-005.html"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81455",
"refsource": "OSVDB",
"url": "http://osvdb.org/81455"
},
{
"name": "DSA-2460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "asterisk-skinny-driver-bo(75102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75102"
},
{
"name": "48941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48941"
},
{
"name": "1026962",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026962"
},
{
"name": "53210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53210"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-005.html"
},
{
"name": "FEDORA-2012-6724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2415",
"datePublished": "2012-04-30T20:00:00",
"dateReserved": "2012-04-23T00:00:00",
"dateUpdated": "2024-08-06T19:34:24.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0885 (GCVE-0-2012-0885)
Vulnerability from cvelistv5 – Published: 2012-01-25 15:00 – Updated: 2024-09-16 23:41
VLAI?
Summary
chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff"
},
{
"name": "[oss-security] 20120120 CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/16"
},
{
"name": "[oss-security] 20120120 Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/18"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-25T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff"
},
{
"name": "[oss-security] 20120120 CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/16"
},
{
"name": "[oss-security] 20120120 Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/18"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-19202",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19202"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff"
},
{
"name": "[oss-security] 20120120 CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/16"
},
{
"name": "[oss-security] 20120120 Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/18"
},
{
"name": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=783487",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783487"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0885",
"datePublished": "2012-01-25T15:00:00Z",
"dateReserved": "2012-01-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:41:35.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4063 (GCVE-0-2011-4063)
Vulnerability from cvelistv5 – Published: 2011-10-21 10:00 – Updated: 2024-08-06 23:53
VLAI?
Summary
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1026191",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026191"
},
{
"name": "8478",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8478"
},
{
"name": "46420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46420"
},
{
"name": "20111017 AST-2011-012: Remote crash vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520141/100/0/threaded"
},
{
"name": "50177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50177"
},
{
"name": "asterisk-sip-channel-driver-dos(70706)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1026191",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026191"
},
{
"name": "8478",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8478"
},
{
"name": "46420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46420"
},
{
"name": "20111017 AST-2011-012: Remote crash vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520141/100/0/threaded"
},
{
"name": "50177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50177"
},
{
"name": "asterisk-sip-channel-driver-dos(70706)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2011-012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1026191",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026191"
},
{
"name": "8478",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8478"
},
{
"name": "46420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46420"
},
{
"name": "20111017 AST-2011-012: Remote crash vulnerability in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520141/100/0/threaded"
},
{
"name": "50177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50177"
},
{
"name": "asterisk-sip-channel-driver-dos(70706)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70706"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2011-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2011-012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4063",
"datePublished": "2011-10-21T10:00:00",
"dateReserved": "2011-10-15T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2346 (GCVE-0-2009-2346)
Vulnerability from cvelistv5 – Published: 2009-09-08 18:00 – Updated: 2024-08-07 05:44
VLAI?
Summary
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022819"
},
{
"name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded"
},
{
"name": "36593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36593"
},
{
"name": "36275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1022819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022819"
},
{
"name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded"
},
{
"name": "36593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36593"
},
{
"name": "36275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022819",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022819"
},
{
"name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded"
},
{
"name": "36593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36593"
},
{
"name": "36275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36275"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2346",
"datePublished": "2009-09-08T18:00:00",
"dateReserved": "2009-07-07T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0041 (GCVE-0-2009-0041)
Vulnerability from cvelistv5 – Published: 2009-01-14 23:00 – Updated: 2024-08-07 04:17
VLAI?
Summary
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021549"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0041",
"datePublished": "2009-01-14T23:00:00",
"dateReserved": "2009-01-06T00:00:00",
"dateUpdated": "2024-08-07T04:17:10.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5558 (GCVE-0-2008-5558)
Vulnerability from cvelistv5 – Published: 2008-12-17 17:00 – Updated: 2024-08-07 10:56
VLAI?
Summary
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:47.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"refsource": "OSVDB",
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5558",
"datePublished": "2008-12-17T17:00:00",
"dateReserved": "2008-12-15T00:00:00",
"dateUpdated": "2024-08-07T10:56:47.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3264 (GCVE-0-2008-3264)
Vulnerability from cvelistv5 – Published: 2008-07-24 15:18 – Updated: 2024-08-07 09:28
VLAI?
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3264",
"datePublished": "2008-07-24T15:18:00",
"dateReserved": "2008-07-22T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2119 (GCVE-0-2008-2119)
Vulnerability from cvelistv5 – Published: 2008-06-04 19:17 – Updated: 2024-08-07 08:49
VLAI?
Summary
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"name": "http://bugs.digium.com/view.php?id=12607",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
},
{
"name": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109",
"refsource": "CONFIRM",
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2119",
"datePublished": "2008-06-04T19:17:00",
"dateReserved": "2008-05-08T00:00:00",
"dateUpdated": "2024-08-07T08:49:58.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}