Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for s800i by asterisk

    CVE-2008-1897 (GCVE-0-2008-1897)

    Vulnerability from nvd – Published: 2008-04-23 00:00 – Updated: 2024-08-07 08:40
    VLAI
    Summary
    The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200905-01.xml vendor-advisory
    http://secunia.com/advisories/29927 third-party-advisory
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry
    http://www.securityfocus.com/bid/28901 vdb-entry
    http://secunia.com/advisories/30010 third-party-advisory
    http://www.vupen.com/english/advisories/2008/1324 vdb-entry
    http://downloads.digium.com/pub/security/AST-2008…
    http://bugs.digium.com/view.php?id=10078
    https://www.redhat.com/archives/fedora-package-an… vendor-advisory
    http://www.securityfocus.com/archive/1/491220/100… mailing-list
    http://www.altsci.com/concepts/page.php?s=asteri&p=2
    http://secunia.com/advisories/30042 third-party-advisory
    http://www.debian.org/security/2008/dsa-1563 vendor-advisory
    http://secunia.com/advisories/34982 third-party-advisory
    http://www.securitytracker.com/id?1019918 vdb-entry
    https://www.redhat.com/archives/fedora-package-an… vendor-advisory
    https://downloads.asterisk.org/pub/security/AST-2…
    https://github.com/xrg/asterisk-xrg/commit/51714a…
    https://github.com/jcollie/asterisk/commit/a8b180…
    https://github.com/xrg/asterisk-xrg/commit/10da3d…
    https://github.com/jcollie/asterisk/commit/771b3d…
    https://github.com/pruiz/asterisk/commit/e0ef9bd2…
    https://github.com/jcollie/asterisk/commit/60de4f…
    https://github.com/mojolingo/asterisk/commit/20ac…
    https://github.com/silentindark/asterisk-1/commit…
    https://github.com/kaoru6/asterisk/commit/1fe14f3…
    https://github.com/lyx2014/Asterisk/commit/0670e4…
    Date Public
    2008-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:40:59.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200905-01",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
              },
              {
                "name": "29927",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29927"
              },
              {
                "name": "asterisk-iax2protocol-ack-dos(41966)",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
              },
              {
                "name": "28901",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28901"
              },
              {
                "name": "30010",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30010"
              },
              {
                "name": "ADV-2008-1324",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1324"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://bugs.digium.com/view.php?id=10078"
              },
              {
                "name": "FEDORA-2008-3390",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
              },
              {
                "name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
              },
              {
                "name": "30042",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30042"
              },
              {
                "name": "DSA-1563",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1563"
              },
              {
                "name": "34982",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34982"
              },
              {
                "name": "1019918",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019918"
              },
              {
                "name": "FEDORA-2008-3365",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server\u0027s reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake.  NOTE: this issue exists because of an incomplete fix for CVE-2008-1923."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T02:02:11.362Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200905-01",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
            },
            {
              "name": "29927",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://secunia.com/advisories/29927"
            },
            {
              "name": "asterisk-iax2protocol-ack-dos(41966)",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
            },
            {
              "name": "28901",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/28901"
            },
            {
              "name": "30010",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://secunia.com/advisories/30010"
            },
            {
              "name": "ADV-2008-1324",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1324"
            },
            {
              "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
            },
            {
              "url": "http://bugs.digium.com/view.php?id=10078"
            },
            {
              "name": "FEDORA-2008-3390",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
            },
            {
              "name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
            },
            {
              "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
            },
            {
              "name": "30042",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://secunia.com/advisories/30042"
            },
            {
              "name": "DSA-1563",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1563"
            },
            {
              "name": "34982",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://secunia.com/advisories/34982"
            },
            {
              "name": "1019918",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id?1019918"
            },
            {
              "name": "FEDORA-2008-3365",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
            },
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
            },
            {
              "url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
            },
            {
              "url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
            },
            {
              "url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
            },
            {
              "url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
            },
            {
              "url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
            },
            {
              "url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
            },
            {
              "url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
            },
            {
              "url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
            },
            {
              "url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
            },
            {
              "url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1897",
        "datePublished": "2008-04-23T00:00:00.000Z",
        "dateReserved": "2008-04-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:40:59.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1923 (GCVE-0-2008-1923)

    Vulnerability from nvd – Published: 2008-04-23 16:00 – Updated: 2024-08-07 08:41
    VLAI
    Summary
    The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:41:00.169Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "asterisk-new-dos(42049)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.digium.com/view.php?id=10078"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "asterisk-new-dos(42049)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.digium.com/view.php?id=10078"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1923",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "asterisk-new-dos(42049)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-006.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
                },
                {
                  "name": "http://bugs.digium.com/view.php?id=10078",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.digium.com/view.php?id=10078"
                },
                {
                  "name": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1",
                  "refsource": "MISC",
                  "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1923",
        "datePublished": "2008-04-23T16:00:00.000Z",
        "dateReserved": "2008-04-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:41:00.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1390 (GCVE-0-2008-1390)

    Vulnerability from nvd – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3764 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/28316 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/489819/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/29449 third-party-advisoryx_refsource_SECUNIA
    http://downloads.digium.com/pub/security/AST-2008… x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securitytracker.com/id?1019679 vdb-entryx_refsource_SECTRACK
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/29470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3764",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3764"
              },
              {
                "name": "28316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28316"
              },
              {
                "name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
              },
              {
                "name": "asterisk-httpmanagerid-weak-security(41304)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
              },
              {
                "name": "29449",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29449"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
              },
              {
                "name": "FEDORA-2008-2554",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
              },
              {
                "name": "1019679",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019679"
              },
              {
                "name": "FEDORA-2008-2620",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
              },
              {
                "name": "29470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3764",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3764"
            },
            {
              "name": "28316",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28316"
            },
            {
              "name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
            },
            {
              "name": "asterisk-httpmanagerid-weak-security(41304)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
            },
            {
              "name": "29449",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29449"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
            },
            {
              "name": "FEDORA-2008-2554",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
            },
            {
              "name": "1019679",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019679"
            },
            {
              "name": "FEDORA-2008-2620",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
            },
            {
              "name": "29470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1390",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3764",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3764"
                },
                {
                  "name": "28316",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28316"
                },
                {
                  "name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
                },
                {
                  "name": "asterisk-httpmanagerid-weak-security(41304)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
                },
                {
                  "name": "29449",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29449"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-005.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
                },
                {
                  "name": "FEDORA-2008-2554",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
                },
                {
                  "name": "1019679",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019679"
                },
                {
                  "name": "FEDORA-2008-2620",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
                },
                {
                  "name": "29470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1390",
        "datePublished": "2008-03-24T17:00:00.000Z",
        "dateReserved": "2008-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1289 (GCVE-0-2008-1289)

    Vulnerability from nvd – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/28308 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3763 third-party-advisoryx_refsource_SREASON
    http://labs.musecurity.com/advisories/MU-200803-01.txt x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1019628 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29426 third-party-advisoryx_refsource_SECUNIA
    http://www.asterisk.org/node/48466 x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/archive/1/489817/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2008/0928 vdb-entryx_refsource_VUPEN
    http://downloads.digium.com/pub/security/AST-2008… x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/29470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.571Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "28308",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28308"
              },
              {
                "name": "3763",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3763"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
              },
              {
                "name": "asterisk-rtp-codecpayload-bo(41305)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
              },
              {
                "name": "1019628",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019628"
              },
              {
                "name": "29426",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29426"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.asterisk.org/node/48466"
              },
              {
                "name": "FEDORA-2008-2554",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
              },
              {
                "name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
              },
              {
                "name": "ADV-2008-0928",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0928"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
              },
              {
                "name": "FEDORA-2008-2620",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
              },
              {
                "name": "asterisk-rtppayload-bo(41302)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
              },
              {
                "name": "29470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "28308",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28308"
            },
            {
              "name": "3763",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3763"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
            },
            {
              "name": "asterisk-rtp-codecpayload-bo(41305)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
            },
            {
              "name": "1019628",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019628"
            },
            {
              "name": "29426",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29426"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.asterisk.org/node/48466"
            },
            {
              "name": "FEDORA-2008-2554",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
            },
            {
              "name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
            },
            {
              "name": "ADV-2008-0928",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0928"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
            },
            {
              "name": "FEDORA-2008-2620",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
            },
            {
              "name": "asterisk-rtppayload-bo(41302)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
            },
            {
              "name": "29470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1289",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "28308",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28308"
                },
                {
                  "name": "3763",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3763"
                },
                {
                  "name": "http://labs.musecurity.com/advisories/MU-200803-01.txt",
                  "refsource": "MISC",
                  "url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
                },
                {
                  "name": "asterisk-rtp-codecpayload-bo(41305)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
                },
                {
                  "name": "1019628",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019628"
                },
                {
                  "name": "29426",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29426"
                },
                {
                  "name": "http://www.asterisk.org/node/48466",
                  "refsource": "CONFIRM",
                  "url": "http://www.asterisk.org/node/48466"
                },
                {
                  "name": "FEDORA-2008-2554",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
                },
                {
                  "name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
                },
                {
                  "name": "ADV-2008-0928",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0928"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-002.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
                },
                {
                  "name": "FEDORA-2008-2620",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
                },
                {
                  "name": "asterisk-rtppayload-bo(41302)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
                },
                {
                  "name": "29470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1289",
        "datePublished": "2008-03-24T17:00:00.000Z",
        "dateReserved": "2008-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1332 (GCVE-0-2008-1332)

    Vulnerability from nvd – Published: 2008-03-20 00:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/29782 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200804-13.xml vendor-advisoryx_refsource_GENTOO
    http://downloads.digium.com/pub/security/AST-2008… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/28310 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/489818/100… mailing-listx_refsource_BUGTRAQ
    http://www.debian.org/security/2008/dsa-1525 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/29426 third-party-advisoryx_refsource_SECUNIA
    http://www.asterisk.org/node/48466 x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://securitytracker.com/id?1019629 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2008/0928 vdb-entryx_refsource_VUPEN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/29957 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29456 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SR:2008:010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
              },
              {
                "name": "29782",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29782"
              },
              {
                "name": "GLSA-200804-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
              },
              {
                "name": "28310",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28310"
              },
              {
                "name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
              },
              {
                "name": "DSA-1525",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1525"
              },
              {
                "name": "29426",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29426"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.asterisk.org/node/48466"
              },
              {
                "name": "FEDORA-2008-2554",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
              },
              {
                "name": "1019629",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019629"
              },
              {
                "name": "asterisk-sip-security-bypass(41308)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
              },
              {
                "name": "ADV-2008-0928",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0928"
              },
              {
                "name": "FEDORA-2008-2620",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
              },
              {
                "name": "29957",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29957"
              },
              {
                "name": "29456",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29456"
              },
              {
                "name": "29470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SR:2008:010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
            },
            {
              "name": "29782",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29782"
            },
            {
              "name": "GLSA-200804-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
            },
            {
              "name": "28310",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28310"
            },
            {
              "name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
            },
            {
              "name": "DSA-1525",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1525"
            },
            {
              "name": "29426",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29426"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.asterisk.org/node/48466"
            },
            {
              "name": "FEDORA-2008-2554",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
            },
            {
              "name": "1019629",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019629"
            },
            {
              "name": "asterisk-sip-security-bypass(41308)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
            },
            {
              "name": "ADV-2008-0928",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0928"
            },
            {
              "name": "FEDORA-2008-2620",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
            },
            {
              "name": "29957",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29957"
            },
            {
              "name": "29456",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29456"
            },
            {
              "name": "29470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1332",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SR:2008:010",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
                },
                {
                  "name": "29782",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29782"
                },
                {
                  "name": "GLSA-200804-13",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-003.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
                },
                {
                  "name": "28310",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28310"
                },
                {
                  "name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
                },
                {
                  "name": "DSA-1525",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1525"
                },
                {
                  "name": "29426",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29426"
                },
                {
                  "name": "http://www.asterisk.org/node/48466",
                  "refsource": "CONFIRM",
                  "url": "http://www.asterisk.org/node/48466"
                },
                {
                  "name": "FEDORA-2008-2554",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
                },
                {
                  "name": "1019629",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019629"
                },
                {
                  "name": "asterisk-sip-security-bypass(41308)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
                },
                {
                  "name": "ADV-2008-0928",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0928"
                },
                {
                  "name": "FEDORA-2008-2620",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
                },
                {
                  "name": "29957",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29957"
                },
                {
                  "name": "29456",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29456"
                },
                {
                  "name": "29470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1332",
        "datePublished": "2008-03-20T00:00:00.000Z",
        "dateReserved": "2008-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0095 (GCVE-0-2008-0095)

    Vulnerability from nvd – Published: 2008-01-08 02:00 – Updated: 2024-08-07 07:32
    VLAI
    Summary
    The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/27110 vdb-entryx_refsource_BID
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2008/0019 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/485727/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/3520 third-party-advisoryx_refsource_SREASON
    http://bugs.digium.com/view.php?id=11637 x_refsource_MISC
    http://secunia.com/advisories/28312 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1019152 vdb-entryx_refsource_SECTRACK
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://downloads.digium.com/pub/security/AST-2008… x_refsource_CONFIRM
    http://secunia.com/advisories/28299 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-01-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:32:23.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27110",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27110"
              },
              {
                "name": "FEDORA-2008-0199",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
              },
              {
                "name": "ADV-2008-0019",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0019"
              },
              {
                "name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
              },
              {
                "name": "asterisk-bye-also-dos(39361)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
              },
              {
                "name": "3520",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3520"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.digium.com/view.php?id=11637"
              },
              {
                "name": "28312",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28312"
              },
              {
                "name": "1019152",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019152"
              },
              {
                "name": "FEDORA-2008-0198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
              },
              {
                "name": "28299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28299"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27110",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27110"
            },
            {
              "name": "FEDORA-2008-0199",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
            },
            {
              "name": "ADV-2008-0019",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0019"
            },
            {
              "name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
            },
            {
              "name": "asterisk-bye-also-dos(39361)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
            },
            {
              "name": "3520",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3520"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.digium.com/view.php?id=11637"
            },
            {
              "name": "28312",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28312"
            },
            {
              "name": "1019152",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019152"
            },
            {
              "name": "FEDORA-2008-0198",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
            },
            {
              "name": "28299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28299"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0095",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27110",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27110"
                },
                {
                  "name": "FEDORA-2008-0199",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
                },
                {
                  "name": "ADV-2008-0019",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0019"
                },
                {
                  "name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
                },
                {
                  "name": "asterisk-bye-also-dos(39361)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
                },
                {
                  "name": "3520",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3520"
                },
                {
                  "name": "http://bugs.digium.com/view.php?id=11637",
                  "refsource": "MISC",
                  "url": "http://bugs.digium.com/view.php?id=11637"
                },
                {
                  "name": "28312",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28312"
                },
                {
                  "name": "1019152",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019152"
                },
                {
                  "name": "FEDORA-2008-0198",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-001.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
                },
                {
                  "name": "28299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28299"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0095",
        "datePublished": "2008-01-08T02:00:00.000Z",
        "dateReserved": "2008-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:32:23.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4280 (GCVE-0-2007-4280)

    Vulnerability from nvd – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/2808 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/26340 third-party-advisoryx_refsource_SECUNIA
    http://downloads.digium.com/pub/asa/ASA-2007-019.pdf x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/25228 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1018536 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.690Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-2808",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2808"
              },
              {
                "name": "26340",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26340"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
              },
              {
                "name": "asterisk-skinny-channel-dos(35870)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
              },
              {
                "name": "25228",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25228"
              },
              {
                "name": "1018536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-2808",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2808"
            },
            {
              "name": "26340",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26340"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
            },
            {
              "name": "asterisk-skinny-channel-dos(35870)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
            },
            {
              "name": "25228",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25228"
            },
            {
              "name": "1018536",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018536"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4280",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-2808",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2808"
                },
                {
                  "name": "26340",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26340"
                },
                {
                  "name": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
                },
                {
                  "name": "asterisk-skinny-channel-dos(35870)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
                },
                {
                  "name": "25228",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25228"
                },
                {
                  "name": "1018536",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018536"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4280",
        "datePublished": "2007-08-09T21:00:00.000Z",
        "dateReserved": "2007-08-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1923 (GCVE-0-2008-1923)

    Vulnerability from cvelistv5 – Published: 2008-04-23 16:00 – Updated: 2024-08-07 08:41
    VLAI
    Summary
    The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:41:00.169Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "asterisk-new-dos(42049)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.digium.com/view.php?id=10078"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "asterisk-new-dos(42049)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.digium.com/view.php?id=10078"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1923",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "asterisk-new-dos(42049)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-006.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
                },
                {
                  "name": "http://bugs.digium.com/view.php?id=10078",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.digium.com/view.php?id=10078"
                },
                {
                  "name": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1",
                  "refsource": "MISC",
                  "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1923",
        "datePublished": "2008-04-23T16:00:00.000Z",
        "dateReserved": "2008-04-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:41:00.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1897 (GCVE-0-2008-1897)

    Vulnerability from cvelistv5 – Published: 2008-04-23 00:00 – Updated: 2024-08-07 08:40
    VLAI
    Summary
    The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200905-01.xml vendor-advisory
    http://secunia.com/advisories/29927 third-party-advisory
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry
    http://www.securityfocus.com/bid/28901 vdb-entry
    http://secunia.com/advisories/30010 third-party-advisory
    http://www.vupen.com/english/advisories/2008/1324 vdb-entry
    http://downloads.digium.com/pub/security/AST-2008…
    http://bugs.digium.com/view.php?id=10078
    https://www.redhat.com/archives/fedora-package-an… vendor-advisory
    http://www.securityfocus.com/archive/1/491220/100… mailing-list
    http://www.altsci.com/concepts/page.php?s=asteri&p=2
    http://secunia.com/advisories/30042 third-party-advisory
    http://www.debian.org/security/2008/dsa-1563 vendor-advisory
    http://secunia.com/advisories/34982 third-party-advisory
    http://www.securitytracker.com/id?1019918 vdb-entry
    https://www.redhat.com/archives/fedora-package-an… vendor-advisory
    https://downloads.asterisk.org/pub/security/AST-2…
    https://github.com/xrg/asterisk-xrg/commit/51714a…
    https://github.com/jcollie/asterisk/commit/a8b180…
    https://github.com/xrg/asterisk-xrg/commit/10da3d…
    https://github.com/jcollie/asterisk/commit/771b3d…
    https://github.com/pruiz/asterisk/commit/e0ef9bd2…
    https://github.com/jcollie/asterisk/commit/60de4f…
    https://github.com/mojolingo/asterisk/commit/20ac…
    https://github.com/silentindark/asterisk-1/commit…
    https://github.com/kaoru6/asterisk/commit/1fe14f3…
    https://github.com/lyx2014/Asterisk/commit/0670e4…
    Date Public
    2008-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:40:59.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200905-01",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
              },
              {
                "name": "29927",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29927"
              },
              {
                "name": "asterisk-iax2protocol-ack-dos(41966)",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
              },
              {
                "name": "28901",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28901"
              },
              {
                "name": "30010",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30010"
              },
              {
                "name": "ADV-2008-1324",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1324"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://bugs.digium.com/view.php?id=10078"
              },
              {
                "name": "FEDORA-2008-3390",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
              },
              {
                "name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
              },
              {
                "name": "30042",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30042"
              },
              {
                "name": "DSA-1563",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1563"
              },
              {
                "name": "34982",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34982"
              },
              {
                "name": "1019918",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019918"
              },
              {
                "name": "FEDORA-2008-3365",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server\u0027s reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake.  NOTE: this issue exists because of an incomplete fix for CVE-2008-1923."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T02:02:11.362Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200905-01",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
            },
            {
              "name": "29927",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://secunia.com/advisories/29927"
            },
            {
              "name": "asterisk-iax2protocol-ack-dos(41966)",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
            },
            {
              "name": "28901",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/28901"
            },
            {
              "name": "30010",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://secunia.com/advisories/30010"
            },
            {
              "name": "ADV-2008-1324",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1324"
            },
            {
              "url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
            },
            {
              "url": "http://bugs.digium.com/view.php?id=10078"
            },
            {
              "name": "FEDORA-2008-3390",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
            },
            {
              "name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
            },
            {
              "url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
            },
            {
              "name": "30042",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://secunia.com/advisories/30042"
            },
            {
              "name": "DSA-1563",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1563"
            },
            {
              "name": "34982",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://secunia.com/advisories/34982"
            },
            {
              "name": "1019918",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id?1019918"
            },
            {
              "name": "FEDORA-2008-3365",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
            },
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
            },
            {
              "url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
            },
            {
              "url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
            },
            {
              "url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
            },
            {
              "url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
            },
            {
              "url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
            },
            {
              "url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
            },
            {
              "url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
            },
            {
              "url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
            },
            {
              "url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
            },
            {
              "url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1897",
        "datePublished": "2008-04-23T00:00:00.000Z",
        "dateReserved": "2008-04-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:40:59.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1390 (GCVE-0-2008-1390)

    Vulnerability from cvelistv5 – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3764 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/28316 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/489819/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/29449 third-party-advisoryx_refsource_SECUNIA
    http://downloads.digium.com/pub/security/AST-2008… x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securitytracker.com/id?1019679 vdb-entryx_refsource_SECTRACK
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/29470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3764",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3764"
              },
              {
                "name": "28316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28316"
              },
              {
                "name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
              },
              {
                "name": "asterisk-httpmanagerid-weak-security(41304)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
              },
              {
                "name": "29449",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29449"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
              },
              {
                "name": "FEDORA-2008-2554",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
              },
              {
                "name": "1019679",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019679"
              },
              {
                "name": "FEDORA-2008-2620",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
              },
              {
                "name": "29470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3764",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3764"
            },
            {
              "name": "28316",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28316"
            },
            {
              "name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
            },
            {
              "name": "asterisk-httpmanagerid-weak-security(41304)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
            },
            {
              "name": "29449",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29449"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
            },
            {
              "name": "FEDORA-2008-2554",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
            },
            {
              "name": "1019679",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019679"
            },
            {
              "name": "FEDORA-2008-2620",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
            },
            {
              "name": "29470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1390",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3764",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3764"
                },
                {
                  "name": "28316",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28316"
                },
                {
                  "name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
                },
                {
                  "name": "asterisk-httpmanagerid-weak-security(41304)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
                },
                {
                  "name": "29449",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29449"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-005.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
                },
                {
                  "name": "FEDORA-2008-2554",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
                },
                {
                  "name": "1019679",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019679"
                },
                {
                  "name": "FEDORA-2008-2620",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
                },
                {
                  "name": "29470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1390",
        "datePublished": "2008-03-24T17:00:00.000Z",
        "dateReserved": "2008-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1289 (GCVE-0-2008-1289)

    Vulnerability from cvelistv5 – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/28308 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3763 third-party-advisoryx_refsource_SREASON
    http://labs.musecurity.com/advisories/MU-200803-01.txt x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1019628 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29426 third-party-advisoryx_refsource_SECUNIA
    http://www.asterisk.org/node/48466 x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/archive/1/489817/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2008/0928 vdb-entryx_refsource_VUPEN
    http://downloads.digium.com/pub/security/AST-2008… x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/29470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.571Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "28308",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28308"
              },
              {
                "name": "3763",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3763"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
              },
              {
                "name": "asterisk-rtp-codecpayload-bo(41305)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
              },
              {
                "name": "1019628",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019628"
              },
              {
                "name": "29426",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29426"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.asterisk.org/node/48466"
              },
              {
                "name": "FEDORA-2008-2554",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
              },
              {
                "name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
              },
              {
                "name": "ADV-2008-0928",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0928"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
              },
              {
                "name": "FEDORA-2008-2620",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
              },
              {
                "name": "asterisk-rtppayload-bo(41302)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
              },
              {
                "name": "29470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "28308",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28308"
            },
            {
              "name": "3763",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3763"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
            },
            {
              "name": "asterisk-rtp-codecpayload-bo(41305)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
            },
            {
              "name": "1019628",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019628"
            },
            {
              "name": "29426",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29426"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.asterisk.org/node/48466"
            },
            {
              "name": "FEDORA-2008-2554",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
            },
            {
              "name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
            },
            {
              "name": "ADV-2008-0928",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0928"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
            },
            {
              "name": "FEDORA-2008-2620",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
            },
            {
              "name": "asterisk-rtppayload-bo(41302)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
            },
            {
              "name": "29470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1289",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "28308",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28308"
                },
                {
                  "name": "3763",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3763"
                },
                {
                  "name": "http://labs.musecurity.com/advisories/MU-200803-01.txt",
                  "refsource": "MISC",
                  "url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
                },
                {
                  "name": "asterisk-rtp-codecpayload-bo(41305)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
                },
                {
                  "name": "1019628",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019628"
                },
                {
                  "name": "29426",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29426"
                },
                {
                  "name": "http://www.asterisk.org/node/48466",
                  "refsource": "CONFIRM",
                  "url": "http://www.asterisk.org/node/48466"
                },
                {
                  "name": "FEDORA-2008-2554",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
                },
                {
                  "name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
                },
                {
                  "name": "ADV-2008-0928",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0928"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-002.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
                },
                {
                  "name": "FEDORA-2008-2620",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
                },
                {
                  "name": "asterisk-rtppayload-bo(41302)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
                },
                {
                  "name": "29470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1289",
        "datePublished": "2008-03-24T17:00:00.000Z",
        "dateReserved": "2008-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1332 (GCVE-0-2008-1332)

    Vulnerability from cvelistv5 – Published: 2008-03-20 00:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/29782 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200804-13.xml vendor-advisoryx_refsource_GENTOO
    http://downloads.digium.com/pub/security/AST-2008… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/28310 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/489818/100… mailing-listx_refsource_BUGTRAQ
    http://www.debian.org/security/2008/dsa-1525 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/29426 third-party-advisoryx_refsource_SECUNIA
    http://www.asterisk.org/node/48466 x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://securitytracker.com/id?1019629 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2008/0928 vdb-entryx_refsource_VUPEN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/29957 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29456 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SR:2008:010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
              },
              {
                "name": "29782",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29782"
              },
              {
                "name": "GLSA-200804-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
              },
              {
                "name": "28310",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28310"
              },
              {
                "name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
              },
              {
                "name": "DSA-1525",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1525"
              },
              {
                "name": "29426",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29426"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.asterisk.org/node/48466"
              },
              {
                "name": "FEDORA-2008-2554",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
              },
              {
                "name": "1019629",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019629"
              },
              {
                "name": "asterisk-sip-security-bypass(41308)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
              },
              {
                "name": "ADV-2008-0928",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0928"
              },
              {
                "name": "FEDORA-2008-2620",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
              },
              {
                "name": "29957",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29957"
              },
              {
                "name": "29456",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29456"
              },
              {
                "name": "29470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SR:2008:010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
            },
            {
              "name": "29782",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29782"
            },
            {
              "name": "GLSA-200804-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
            },
            {
              "name": "28310",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28310"
            },
            {
              "name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
            },
            {
              "name": "DSA-1525",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1525"
            },
            {
              "name": "29426",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29426"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.asterisk.org/node/48466"
            },
            {
              "name": "FEDORA-2008-2554",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
            },
            {
              "name": "1019629",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019629"
            },
            {
              "name": "asterisk-sip-security-bypass(41308)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
            },
            {
              "name": "ADV-2008-0928",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0928"
            },
            {
              "name": "FEDORA-2008-2620",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
            },
            {
              "name": "29957",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29957"
            },
            {
              "name": "29456",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29456"
            },
            {
              "name": "29470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1332",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SR:2008:010",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
                },
                {
                  "name": "29782",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29782"
                },
                {
                  "name": "GLSA-200804-13",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-003.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
                },
                {
                  "name": "28310",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28310"
                },
                {
                  "name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
                },
                {
                  "name": "DSA-1525",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1525"
                },
                {
                  "name": "29426",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29426"
                },
                {
                  "name": "http://www.asterisk.org/node/48466",
                  "refsource": "CONFIRM",
                  "url": "http://www.asterisk.org/node/48466"
                },
                {
                  "name": "FEDORA-2008-2554",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
                },
                {
                  "name": "1019629",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019629"
                },
                {
                  "name": "asterisk-sip-security-bypass(41308)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
                },
                {
                  "name": "ADV-2008-0928",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0928"
                },
                {
                  "name": "FEDORA-2008-2620",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
                },
                {
                  "name": "29957",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29957"
                },
                {
                  "name": "29456",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29456"
                },
                {
                  "name": "29470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1332",
        "datePublished": "2008-03-20T00:00:00.000Z",
        "dateReserved": "2008-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0095 (GCVE-0-2008-0095)

    Vulnerability from cvelistv5 – Published: 2008-01-08 02:00 – Updated: 2024-08-07 07:32
    VLAI
    Summary
    The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/27110 vdb-entryx_refsource_BID
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2008/0019 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/485727/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/3520 third-party-advisoryx_refsource_SREASON
    http://bugs.digium.com/view.php?id=11637 x_refsource_MISC
    http://secunia.com/advisories/28312 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1019152 vdb-entryx_refsource_SECTRACK
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://downloads.digium.com/pub/security/AST-2008… x_refsource_CONFIRM
    http://secunia.com/advisories/28299 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-01-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:32:23.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27110",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27110"
              },
              {
                "name": "FEDORA-2008-0199",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
              },
              {
                "name": "ADV-2008-0019",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0019"
              },
              {
                "name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
              },
              {
                "name": "asterisk-bye-also-dos(39361)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
              },
              {
                "name": "3520",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3520"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.digium.com/view.php?id=11637"
              },
              {
                "name": "28312",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28312"
              },
              {
                "name": "1019152",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019152"
              },
              {
                "name": "FEDORA-2008-0198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
              },
              {
                "name": "28299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28299"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27110",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27110"
            },
            {
              "name": "FEDORA-2008-0199",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
            },
            {
              "name": "ADV-2008-0019",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0019"
            },
            {
              "name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
            },
            {
              "name": "asterisk-bye-also-dos(39361)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
            },
            {
              "name": "3520",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3520"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.digium.com/view.php?id=11637"
            },
            {
              "name": "28312",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28312"
            },
            {
              "name": "1019152",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019152"
            },
            {
              "name": "FEDORA-2008-0198",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
            },
            {
              "name": "28299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28299"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0095",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27110",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27110"
                },
                {
                  "name": "FEDORA-2008-0199",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
                },
                {
                  "name": "ADV-2008-0019",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0019"
                },
                {
                  "name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
                },
                {
                  "name": "asterisk-bye-also-dos(39361)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
                },
                {
                  "name": "3520",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3520"
                },
                {
                  "name": "http://bugs.digium.com/view.php?id=11637",
                  "refsource": "MISC",
                  "url": "http://bugs.digium.com/view.php?id=11637"
                },
                {
                  "name": "28312",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28312"
                },
                {
                  "name": "1019152",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019152"
                },
                {
                  "name": "FEDORA-2008-0198",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
                },
                {
                  "name": "http://downloads.digium.com/pub/security/AST-2008-001.html",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
                },
                {
                  "name": "28299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28299"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0095",
        "datePublished": "2008-01-08T02:00:00.000Z",
        "dateReserved": "2008-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:32:23.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4280 (GCVE-0-2007-4280)

    Vulnerability from cvelistv5 – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/2808 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/26340 third-party-advisoryx_refsource_SECUNIA
    http://downloads.digium.com/pub/asa/ASA-2007-019.pdf x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/25228 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1018536 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.690Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-2808",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2808"
              },
              {
                "name": "26340",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26340"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
              },
              {
                "name": "asterisk-skinny-channel-dos(35870)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
              },
              {
                "name": "25228",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25228"
              },
              {
                "name": "1018536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-2808",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2808"
            },
            {
              "name": "26340",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26340"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
            },
            {
              "name": "asterisk-skinny-channel-dos(35870)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
            },
            {
              "name": "25228",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25228"
            },
            {
              "name": "1018536",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018536"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4280",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-2808",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2808"
                },
                {
                  "name": "26340",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26340"
                },
                {
                  "name": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
                },
                {
                  "name": "asterisk-skinny-channel-dos(35870)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
                },
                {
                  "name": "25228",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25228"
                },
                {
                  "name": "1018536",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018536"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4280",
        "datePublished": "2007-08-09T21:00:00.000Z",
        "dateReserved": "2007-08-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }